- fix strcoll() integer overflow leading to buffer overflow (CVE-2012-4412) - fix alloca() stack overflow in the strcoll() interface (CVE-2012-4424)