Update status for CVE-2018-6406 and CVE-2018-6548

Update status to match the following: If source is affected but since
the resulting binaries in Debian are not (due to not building with
support for VP9), mark it as unfixed, but with unimportant severity.