GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. (CVE-2014-8155)
Impact
GnuTLS does not check activation and expiration dates of CA certificates. This can cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired.