GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. (CVE-2015-0294)
Impact
GnuTLS does not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, can lead to a bypass of the certificate signature check.