Missing CVE for a "fixed version" of heimdal package in release 3.6
Hey @ncopa @Leo!
Seems like there is an issue with the secdb data for alpine 3.6 for the package heimdal https://secdb.alpinelinux.org/v3.6/main.json for version 7.4.0-r0, potentially after the changes to use the golang script instead of the lua one .
The issue seem to be coming from the aports data, you can see on the master branch in aports there is a CVE assigned to the fixed version 7.4.0-r0
https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/heimdal/APKBUILD while for branch 3.6-stable, the CVE is missing and the fixed version does exist https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.6-stable/main/heimdal/APKBUILD
Should the CVE be added for the 3.6 release as well, or the fixed version should be removed?