- fix denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call (CVE-2011-1071)