Multiple vulnerabilities have been discovered in GnuTLS, a library
implementing the TLS and SSL protocols. The Common Vulnerabilities and
Exposures project identifies the following problems:
- CVE-2014-8155
Missing date/time checks on CA certificates
- CVE-2015-0282
GnuTLS does not verify the RSA PKCS #1 signature algorithm to match
the signature algorithm in the certificate, leading to a potential
downgrade to a disallowed algorithm without detecting it.
- CVE-2015-0294
GnuTLS does not check whether the two signature algorithms match on
certificate import.
For Debian 6 Squeeze, these issues have been fixed in gnutls26 version 2.8.6-1+squeeze5