Opened 6 years ago

Closed 6 years ago

#534 closed defect (fixed)

windows Binary openssl-1.0.1f

Reported by: Paul Boca Owned by:
Priority: critical Milestone:
Component: other Version: 1.4.x
Keywords: Cc:
uname -a:
nginx -V: configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= -
-conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access
.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te
mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast
cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg
i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv
c8/lib/pcre-8.32 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi
th-http_realip_module --with-http_addition_module --with-http_sub_module --with-
http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt
p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt
p_random_index_module --with-http_secure_link_module --with-mail --with-openssl=
objs.msvc8/lib/openssl-1.0.1f --with-openssl-opt=enable-tlsext --with-http_ssl_m
odule --with-mail_ssl_module --with-ipv6

Description

The windows Binary for nginx http://nginx.org/download/nginx-1.4.7.zip seems to be using open-ssl-1.0.1f which is vulnerable to the heartbleed bug.

Can this be updated.

Change History (1)

comment:1 by Maxim Dounin, 6 years ago

Resolution: fixed
Status: newclosed

Latest mainline version, nginx 1.5.13, was released today and is built with latest OpenSSL 1.0.1g (that is, with CVE-2014-0160 fixed). Note that mainline branch is recommended for win32, see nginx for Windows article.

Nevertheless, nginx 1.4.7 windows binary was updated as well and it's now built with OpenSSL 1.0.1g, too.

Note: See TracTickets for help on using tickets.