Description
GnuTLS was updated to fix two security issues:
* CVE-2015-0294: A certificate algorithm consistency checking issue
was fixed, where GnuTLS did not check whether the two signature
algorithms match on certificate import. This problem is not deemed
to be exploitable currently.
* CVE-2015-0282: GNUTLS-SA-2015-1: GnuTLS did not verify the RSA PKCS
#1 signature algorithm to match the signature algorithm in the
certificate, leading to a potential downgrade to a disallowed algorithm, such as MD5, without detecting it.