diff --git a/NEWS b/NEWS
index a7d086bd..0db2e5b7 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,10 @@ Enhancements:
 Fixes:
+• CVE-2012-3524: Don't access environment variables (fd.o #52202)
+ Thanks to work and input from Colin Walters, Simon McVittie,
+ Geoffrey Thomas, and others.
+
 • Unix-specific:
 · Fix compilation on Solaris (fd.o #53286, Jonathan Perkin)
 · Work around interdependent headers on OpenBSD by including sys/types.h
diff --git a/bus/activation-helper.c b/bus/activation-helper.c
index cbc00d2f..8d7ae36f 100644
--- a/bus/activation-helper.c
+++ b/bus/activation-helper.c
@@ -154,11 +154,11 @@ clear_environment (DBusError *error)
 "could not clear environment\n");
 return FALSE;
 }
-#endif
 /* Ensure the bus is set to system */
 _dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS);
 _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system");
+#endif
 return TRUE;
 }
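Review bot: The two `_dbus_setenv` calls that now sit in front of the moved `#endif` in `clear_environment` still discard their results, so the function reaches `return TRUE` even if a starter variable could not be set. The environment has just been cleared at that point, so a silent failure would leave the activated service without `DBUS_STARTER_ADDRESS` or `DBUS_STARTER_BUS_TYPE` and nothing reported to the caller. I would check both calls and fail the same way the clear-environment path does, assuming `_dbus_setenv` reports failure through its boolean return as the other `_dbus_*` wrappers do. The opening of the conditional block and the start of the function are outside this hunk, so the error code in the sketch below is taken from how the preceding failure path appears to be written and should be confirmed.

```c
  /* Ensure the bus is set to system */
  if (!_dbus_setenv ("DBUS_STARTER_ADDRESS", DBUS_SYSTEM_BUS_DEFAULT_ADDRESS) ||
      !_dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system"))
    {
      dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
                      "could not set starter environment\n");
      return FALSE;
    }
#endif
```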