Add an update to the security incident page for November 22nd, 2012.

Approved by:	core, bcr (mentor, implicit)

en_US.ISO8859-1/htdocs/news/2012-compromise.xml

@@ -62,6 +62,7 @@
 
     <ul>
       <li><a href="#announce">Announcement</a></li>
+      <li><a href="#update20121122">Update: 22nd November 2012</a></li>
       <li><a href="#update20121118">Update: 18th November 2012</a></li>
       <li><a href="#details">Initial Details: 17th November 2012</a></li>
       <li><a href="#impact">What is the Impact?</a></li>
@@ -71,6 +72,27 @@
 
     <p>More details will be added here as they become available.</p>
 
+    <h1><a name="update20121122">Update: November 22nd, 2012</a></h1>
+
+    <p>Although not mentioned in the original report,
+      <a href="/doc/handbook/ctm.html">CTM</a> (another mechanism for
+      retrieving FreeBSD source) uses the master trusted Subversion
+      repository as the source of its data.  Additionally, verification of
+      CTM-sourced trees has been completed against the Subversion tree,
+      confirming that there are no differences between the two.  Our
+      experimental Git repository has been similarly verified.</p>
+
+    <p>Work continues on rebuilding internal infrastructure and reinstating
+      services taken down during the incident.  Web interfaces to the old
+      CVS repositories (CVSweb), and to GNATS (our bug-tracking database)
+      have been restored amongst other services, and other internal hosts
+      are being examined and rebuilt where necessary.  A full audit of the
+      package building infrastructure is ongoing.</p>
+
+    <p>The FreeBSD Project is investing significant effort into looking
+      into both medium and long term infrasture improvements to increase
+      security of the FreeBSD cluster.</p>
+
     <h1><a name="update20121118">Update: November 18th, 2012</a></h1>
 
     <p>Newer portsnap(8) snapshots are once again available.  The