no word of this yet on the torproject.org site. I'm interested to learn whether it extends to vulnerabilities within TorBrowser, or just their "hidden services stuffs".
I hope it results in development going on to handle the "auto/quick update" feature of the TBB. Way too many just click on the quick update from within the bundle. There doesn't seem to be a concern that its not rock solid like updating the linux OS would be. I believe this is a large ding in TBB's armor because given the choice to be lazy most will do so. So in keeping with this thread the development would happen after discovery and tweaking of why the auto update feature introduces weakness.
Have you previously reported anything? FWIW, I have done so twice, more than a year ago... and those bugzilla tickets are still not closed (and are still relevant).