> Anyone can post to anyone's security list. But they are private lists. It > is the part where discretion must occur in handling vulnerabilities until > >the fix is in and a CVE is posted that happens privately and that might work > better with some shared membership on the security lists. On AOOo, the >PPMC > is aware of any resolution that works into code, because of the way a > security fix gets committed into a release.
Sorry but I'm not a developper. Could you just tell me if OOo 3.3 and future 3.4 are concerned. I must to inform end-users on the FR forum
