There is currently no process to handle CVEs in REJECT or DISPUTED state so these CVEs are mostly kept in the related VTs without deleting them.
In the special case of “CVE-2019-18511” / USN-3997 i guess the text has a typo and it should refer to CVE-2018-18511 instead, see e.g. the correct Debian Advisory at e.g. https://www.debian.org/security/2019/dsa-4451 or the correct references in the Ubuntu USN.
This single LSC can (and will) be fixed quite easily in that specific LSC, thanks for letting us know. You might also want to contact the Ubuntu Security Team to get the USN advisory fixed / corrected.