diff --git a/ChangeLog b/ChangeLog index 0f39088..7951161 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5653,7 +5653,7 @@ claims to be a string, which is probably more correct. This should also eliminate server round-trips when clients ask for UTF-8, get a string, then ask for a string (Opera). ---------------------------------------------------------------------- -Tue Mar 15 23:03:57 2011 mej +Tue Mar 15 23:03:57 2011 Michael Jennings (mej) Fix for CVE-2011-0409 (CERT VU#285156), a use-after-free error in the XIM code. This only affects versions where XIM support is compiled in @@ -5663,3 +5663,12 @@ the team at Toucan System for responsibly disclosing this vulnerability and to CERT for assisting with coordination and disclosure. ---------------------------------------------------------------------- +Tue Mar 15 23:08:26 2011 Michael Jennings (mej) + +Fix for CVE-2011-0768, an off-by-one error in handling large pixmap +filenames which resulted in an overflow of a single NUL character if +the filename exceeded PATH_MAX bytes. This bug is NOT exploitable. +Again, thanks to Jonathan Brossard and the team at Toucan System for +responsibly disclosing this vulnerability and to CERT for assisting +with coordination and disclosure. +---------------------------------------------------------------------- diff --git a/src/pixmap.c b/src/pixmap.c index a9e45ad..b544ad0 100644 --- a/src/pixmap.c +++ b/src/pixmap.c @@ -1327,7 +1327,7 @@ search_path(const char *pathlist, const char *file) D_OPTIONS(("search_path(\"%s\", \"%s\") called from \"%s\".\n", pathlist, file, name)); if (len < PATH_MAX - 1) { strcat(name, "/"); - strncat(name, file, PATH_MAX - len - 1); + strncat(name, file, PATH_MAX - len - 2); } D_OPTIONS(("Checking for file \"%s\"\n", name)); if (!access(name, R_OK)) {
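Review bot: the new ChangeLog entry asserts "This bug is NOT exploitable" but gives no reasoning, while the pixmap.c change shows the defect is a NUL byte written one past the end of a PATH_MAX buffer whose placement and neighbours are not visible here. Either state why (what follows `name`, and that only a single zero byte can be written) or soften to "not believed to be exploitable", so the entry does not overstate what the analysis supports.

Review bot: the corrected bound `PATH_MAX - len - 2` in `search_path()` is right, but the arithmetic is left implicit and deserves a comment above the `strncat` call: after `strcat(name, "/")` the buffer holds `len + 1` characters, and `strncat` always appends a terminating NUL after the at-most-n copied characters, so the previous `PATH_MAX - len - 1` could place that NUL at index `PATH_MAX`, one byte past the buffer. Suggest `/* len+1 chars in use; leave room for strncat's terminating NUL */`, and note that the bound only holds if `len` equals `strlen(name)` at the moment of the `strcat`, which this hunk does not show. A single `snprintf(name + len, PATH_MAX - len, "/%s", file)` would make the remaining space explicit (the guard `len < PATH_MAX - 1` already ensures that size is at least 2) and remove the hand-computed offsets entirely.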