Adjust tracking of CVE-2019-9143 and CVE-2019-9144

The issues until some time ago only ever affected experimental, but then
a 0.27.2 based version was uploaded to unstable moving the vulnerable
state there. Adjust tracking and mark the fixed version first in
unstable as 0.27.2-8.