doc: simplify valid security issue descriptions

PR-URL: https://github.com/nodejs/node/pull/23881
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

1 files changed, 4 insertions, 5 deletions

diff --git a/README.md b/README.md
index a8dc9a1453..1185f5b4ba 100644
--- a/README.md
+++ b/README.md
@@ -182,9 +182,8 @@ nonetheless.
 ### Private disclosure preferred
 
 - [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/):
-  _Fix invalid wildcard certificate validation check_. This is a high severity
-  defect that would allow a malicious TLS server to serve an invalid wildcard
-  certificate for its hostname and be improperly validated by a Node.js client.
+  _Fix invalid wildcard certificate validation check_. This was a high-severity
+  defect. It caused Node.js TLS clients to accept invalid wildcard certificates.
 
 - [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes
   the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities
@@ -192,8 +191,8 @@ nonetheless.
 
 - [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/):
   _Fix defects in HTTP header parsing for requests and responses that can allow
-  response splitting_. While the impact of this vulnerability is application and
-  network dependent, it is remotely exploitable in the HTTP protocol.
+  response splitting_. This was a remotely-exploitable defect in the Node.js
+  HTTP implementation.
 
 When in doubt, please do send us a report.