Setuid programs using GnuTLS could potentially allow an attacker to
overwrite and corrupt arbitrary files in the filesystem. This issue was
introduced in GnuTLS 3.4.12 with the GNUTLS_KEYLOGFILE environment
variable handling via getenv() and fixed in GnuTLS 3.4.13 by switching
to secure_getenv() where available.