Update information on CVE-2019-8375 and CVE-2017-17821

According the triage from Berto in
https://lists.debian.org/debian-security-tracker/2019/09/msg00002.html
those are fixed in 2.23.90 and 2.21.3. Marking those as fixed with the
first version in unstable following those and including the fix.