Comment 10 for bug 1048203

CVE-2012-4412 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412):
  Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or
  libc6) 2.17 and earlier allows context-dependent attackers to cause a denial
  of service (crash) or possibly execute arbitrary code via a long string,
  which triggers a heap-based buffer overflow.