GitLab

The lua script for updating the secdb index checks for a line that begins with "# secfixes". However, a handful of CVE reports begin with "# security fixes" instead of "secfixes". See, for example security fixes on master, or security fixes on 3.12.

Two options for fixes for this, that I see, are

1. Updating all instances of security fixes, and changing it to secfixes. However, instances of security fixes go back to as early as 3.2, and I imagine you wouldn't want to patch released Alpine versions.
2. Have the lua script also check for # security fixes. It would mean some inconsistency remains in the codebase, but seems like a fine solution.

Happy to make a PR with the lua fix if we agree on the solution.