From owner-svn-ports-all@freebsd.org  Mon Jan 16 19:58:42 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF7DBCB3699;
 Mon, 16 Jan 2017 19:58:42 +0000 (UTC) (envelope-from adamw@adamw.org)
Received: from anoxia.adamw.org (anoxia.adamw.org [104.225.8.149])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "anoxia.adamw.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 72A461C9E;
 Mon, 16 Jan 2017 19:58:42 +0000 (UTC) (envelope-from adamw@adamw.org)
Received: by anoxia.adamw.org (OpenSMTPD) with ESMTPSA id fd9f6763
 TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO;
 Mon, 16 Jan 2017 12:58:40 -0700 (MST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Subject: Re: svn commit: r431689 - head/www/tt-rss
From: Adam Weinberger <adamw@adamw.org>
In-Reply-To: <20170116190730.GH2202@graf.pompo.net>
Date: Mon, 16 Jan 2017 12:58:38 -0700
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <F97DB919-3AF3-4823-9511-565F259C79B5@adamw.org>
References: <201701161855.v0GItwYn000700@repo.freebsd.org>
 <20170116190730.GH2202@graf.pompo.net>
To: Thierry Thomas <thierry@FreeBSD.org>,
 ports-secteam@freebsd.org
X-Mailer: Apple Mail (2.3259)
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jan 2017 19:58:43 -0000

> On 16 Jan, 2017, at 12:07, Thierry Thomas <thierry@FreeBSD.org> wrote:
>=20
> Le lun. 16 janv. 17 =C3=A0 19:55:58 +0100, Thierry Thomas =
<thierry@FreeBSD.org>
> =C3=A9crivait :
>> Author: thierry
>> Date: Mon Jan 16 18:55:58 2017
>> New Revision: 431689
>> URL: https://svnweb.freebsd.org/changeset/ports/431689
>>=20
>> Log:
>>  Fix another phpmailer vulnerability.
>>=20
>>  MFC after:	1 day
>>  Security:	CVE-2016-10033
>=20
> The message on the mailing list is about CVE-2016-10033, but actually =
it
> should be:
>=20
> Security:	CVE-2017-5223
> (fixed in phpmailer 5.2.22)

The "MFH" key triggers an automatic review by ports-secteam. So,

MFH:	2017Q1

"MFC after" does not trigger this.

Cc'ing ports-secteam on this message to make sure it's on their radar.

# Adam


--=20
Adam Weinberger
adamw@adamw.org
https://www.adamw.org