secdb script misses some security fixes
The lua script for updating the secdb index checks for a line that begins with
"# secfixes". However, a handful of CVE reports begin with
"# security fixes" instead of
"secfixes". See, for example security fixes on master, or security fixes on 3.12.
Two options for fixes for this, that I see, are
- Updating all instances of
security fixes, and changing it to
secfixes. However, instances of
security fixesgo back to as early as 3.2, and I imagine you wouldn't want to patch released Alpine versions.
- Have the lua script also check for
# security fixes. It would mean some inconsistency remains in the codebase, but seems like a fine solution.
Happy to make a PR with the lua fix if we agree on the solution.