The intent is that it contains a subset of the changes that have gone into mainline since the branch point (on the theory that adding the other changes may cause regressions)
the problem is that if changes are made to the stable branch that do not go into the mainline, then there is a real probability that the next stable branch will be missing the fix and users will break yet again
if the fix goes into 3.3.2, but not 3.4-mainline, then when the 3.4.0 mainline release (and the 3.4.1 stable release) come out then the fix will not be there and users will break yet again and justifiably scream about the incompetent kernel developers who can't track fixes.
this is the reason behind the policy that _nothing_ goes into stable unless it is already accepted into the mainline.
This isn't a high bar to reach, if you have a fix, send it to Linus for acceptance and cc the stable tree and it will get into both, but if you _only_ send it to stable, it won't get in.