Mark CVE-2017-9801 and CVE-2018-1294 as not affected

Since no ever present version in Debian was affected, and the issues
fixed within or before an upstream version of the initial upload we mark
those as not-affected with a respective descprition that the issues were
fixed with/before the initial upload to Debian.