File _patchinfo of Package patchinfo.17532

<patchinfo incident="17532">
  <issue tracker="cve" id="2022-24976"/>
  <issue tracker="bnc" id="1174075">Changing %{_libexecdir} breaks some packages which are misusing the macro</issue>
  <issue tracker="bnc" id="1195989">VUL-0: CVE-2022-24976: atheme: General authentication bypass in Atheme IRC services with InspIRCd 3</issue>
  <packager>jengelh</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for atheme</summary>
  <description>This update for atheme fixes the following issues:

atheme was updated to release 7.2.12:

* CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989]
* Track SASL login EID

Update to release 7.2.11

* Add a preliminary Turkish translation
* Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
* modules/chanserv/akick: fix unload crash with akicks that
  have timeouts
* modules/nickserv/multimark: use IRC case canonicalisation
  for restored nicks
* modules/nickserv/multimark: forbid unloading due to the
  potential for data loss
* CA_ constants: include CA_EXEMPT (+e) where appropriate

Update to new upstream release 7.2.10.r2

* Fix potential NULL dereference in modules/crypto/posix.
* Bump E-Mail address maximum length to 254 characters.
* Use flags setter information in modules/chanserv/access &amp;
  modules/chanserv/flags.
* Fix issue where modules/misc/httpd was not closing its
  listening socket on deinit.
* Fix GroupServ data loss issue when a group was the founder of
  another group.
</description>
</patchinfo>