Mark mini_httpd < 1.28 and thttpd < 2.28 as vulnerable as per:
http://acme.com/updates/archive/199.html
While we're here, fix whitespace in vuln.xml that "make validate"
flagged.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Security: CVE-2017-17663
Differential Revision: D14217