author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-06 19:47:42 +0200
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-06 19:47:42 +0200
commit 0cbe8102b64f6e5f1fa5c317dd60991f0853132e
tree 0e845a9d97f43207cfd2430540d85c511854a76a
parent 4d6f806114f6553d2e4629e81025e5cbb54dd0b2
added more details
-rw-r--r-- security-entries/GNUTLS-SA-2016-1 3
1 files changed, 2 insertions, 1 deletions
diff --git a/security-entries/GNUTLS-SA-2016-1 b/security-entries/GNUTLS-SA-2016-1
index 5f16580bb6..ef0623edd0 100644
--- a/security-entries/GNUTLS-SA-2016-1
+++ b/security-entries/GNUTLS-SA-2016-1
@@ -2,6 +2,7 @@
<td>File overwrite by setuid programs</td>
<td>Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite
and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12
- and fixed in GnuTLS 3.4.13.
+ with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed
+ in GnuTLS 3.4.13 by switching to secure_getenv() where available.
<b>Recommendation:</b> Upgrade to GnuTLS 3.4.13, or later versions.</td>
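Review bot: "where available" in the added sentence leaves the entry incomplete for platforms that lack secure_getenv(): the text does not say what 3.4.13 does there, so a reader on such a platform cannot tell whether the recommended upgrade closes the issue. Suggest stating the fallback behaviour explicitly. The added text also names GNUTLS_KEYLOGFILE and getenv() without saying how reading that variable leads to the file overwrite described in the first sentence; one short clause connecting the two would make the entry self-explanatory for someone assessing a setuid binary.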