Mark mini_httpd < 1.28 and thttpd < 2.28 as vulnerable as per:

http://acme.com/updates/archive/199.html

While we're here, fix whitespace in vuln.xml that "make validate"
flagged.

Reviewed by: ler (mentor)
Approved by: ler (mentor)
Security: CVE-2017-17663
Differential Revision: D14217