Public CVE-2014-10072 disclosure

In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.