Missing CVE for a "fixed version" of heimdal package in release 3.6

Hey @ncopa @Leo! Seems like there is an issue with the secdb data for alpine 3.6 for the package heimdal https://secdb.alpinelinux.org/v3.6/main.json for version 7.4.0-r0, potentially after the changes to use the golang script instead of the lua one . The issue seem to be coming from the aports data, you can see on the master branch in aports there is a CVE assigned to the fixed version 7.4.0-r0 https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/heimdal/APKBUILD while for branch 3.6-stable, the CVE is missing and the fixed version does exist https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.6-stable/main/heimdal/APKBUILD

Should the CVE be added for the 3.6 release as well, or the fixed version should be removed?