VULN-DISCLOSURE-POLICY.md: 7 days embargo is max

It was recently updated in this doc to seven, but there were *two*
numbers mentioned and only one of them was updated leaving the paragraph
quite confusing.

Follow-up to 83c90e50472f32b74e388f6e524d

Closes #17921

diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md
index 9ed196f67f7f5827b586865af0741cbc6245b18b..00cdf86ec03b84a64d306efdb9c2bd462748ecdc 100644 (file)
--- a/docs/VULN-DISCLOSURE-POLICY.md
+++ b/docs/VULN-DISCLOSURE-POLICY.md
@@ -84,7 +84,7 @@ announcement.
   [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros)
   to prepare them about the upcoming public security vulnerability
   announcement - attach the advisory draft for information with CVE and
-  current patch. 'distros' does not accept an embargo longer than 14 days and
+  current patch. 'distros' does not accept an embargo longer than 7 days and
   they do not care for Windows-specific flaws.
 
 - No more than 48 hours before the release, the private branch is merged into