correct the cve-id of CVE-2016-5007 #384

@serenaponta @henrikplate Why did we need the -SEC modifier for the id of this vulnerability?

@copernico we had to create two entries as we identified fix commits in separate repositories and they were analysed as CVE-2016-5007 for https://github.com/spring-projects/spring-framework.git and CVE-2016-5007-SEC for https://github.com/spring-projects/spring-security.git in Eclipse Steady (where each vulnerability was linked to a single repository). I am not sure the current repository in branch vulnerability-data includes both.

I guess the correct solution would be to have a single statement pointing to the two fixes (from different repositories, which would make this diverge from the one-repo-per-vulnerability model that Steady is based on).