From 0cbe8102b64f6e5f1fa5c317dd60991f0853132e Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 6 Jun 2016 19:47:42 +0200 Subject: added more details --- security-entries/GNUTLS-SA-2016-1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security-entries/GNUTLS-SA-2016-1 b/security-entries/GNUTLS-SA-2016-1 index 5f16580bb6..ef0623edd0 100644 --- a/security-entries/GNUTLS-SA-2016-1 +++ b/security-entries/GNUTLS-SA-2016-1 @@ -2,6 +2,7 @@ File overwrite by setuid programs Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 - and fixed in GnuTLS 3.4.13. + with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed + in GnuTLS 3.4.13 by switching to secure_getenv() where available. Recommendation: Upgrade to GnuTLS 3.4.13, or later versions. -- cgit v1.2.1
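Review bot: The qualifier "where available" in the added line "in GnuTLS 3.4.13 by switching to secure_getenv() where available" leaves the advisory silent on platforms that lack secure_getenv(). A reader cannot tell from this text whether setuid programs on such platforms are still exposed after upgrading to 3.4.13, or whether GNUTLS_KEYLOGFILE is simply ignored there. State the fallback behaviour explicitly, since the Recommendation line below it tells every reader that upgrading to 3.4.13 is sufficient. The first added line, "with the GNUTLS_KEYLOGFILE environment variable handling via getenv()", would also read better if it said how the variable leads to the file overwrite named in the title, for example that the path it names is written to by the setuid process. That wording is an assumption to check against the code, as the entry itself does not state it.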