48410: FAQ, METAFAQ: Mention zsh-security@.

ChangeLog

@@ -1,5 +1,8 @@
 2021-04-08  Daniel Shahaf  <d.s@daniel.shahaf.name>
 
+	* 48410: Doc/Zsh/metafaq.yo, Etc/FAQ.yo: FAQ, METAFAQ: Mention
+	zsh-security@.
+
 	* 48379: Src/subst.c, Test/D04parameter.ztst: Make the parameter
 	expansion subscript flags parse error message, "error in flags",
 	identify the location of the parse error.

Doc/Zsh/metafaq.yo

@@ -34,7 +34,7 @@ uref(http://zsh.sourceforge.net/).
 texinode(Mailing Lists)(The Zsh FAQ)(Availability)(Introduction)
 sect(Mailing Lists)
 cindex(mailing lists)
-Zsh has 3 mailing lists:
+Zsh has several mailing lists:
 
 startitem()
 item(tt(<zsh-announce@zsh.org>))(
@@ -47,6 +47,12 @@ User discussions.
 item(tt(<zsh-workers@zsh.org>))(
 Hacking, development, bug reports and patches.
 )
+item(tt(<zsh-security@zsh.org>))(
+Private mailing list (the general public cannot subscribe to it) for discussing
+bug reports with security implications, i.e., potential vulnerabilities.
+
+If you find a security problem in zsh itself, please mail this address.
+)
 enditem()
 
 To subscribe or unsubscribe, send mail

Etc/FAQ.yo

@@ -2542,6 +2542,11 @@ label(62)
   )
   (posting to the last one is currently restricted).
 
+  Finally, there is a private mailing list (the general public cannot subscribe
+  to it) for discussing bug reports with security implications, i.e., potential
+  vulnerabilities: mytt(zsh-security@zsh.org).  If you find a security problem
+  in zsh itself, please mail this address.
+
   Note that you should only join one of these lists:  people on
   zsh-workers receive all the lists, and people on zsh-users will
   also receive the announcements list.