id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
535	Windows Distribution Vulnerable Due to OpenSSL Bug	Aaron Riesbeck		"Due to the major security vulnerability in OpenSSL the windows binary offered on the nginx.org website needs to have its version of OpenSSL updated. The current release (1.5.13) from 4/8 is using OpenSSL 1.0.1g which is vulnerable.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Thanks,
Aaron
"	defect	closed	major		nginx-package	1.5.x	invalid	vulnerability		N/A (Windows)	"nginx version: nginx/1.5.13
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= -
-conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access
.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-te
mp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fast
cgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsg
i-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msv
c8/lib/pcre-8.34 --with-zlib=objs.msvc8/lib/zlib-1.2.8 --with-select_module --wi
th-http_realip_module --with-http_addition_module --with-http_sub_module --with-
http_dav_module --with-http_stub_status_module --with-http_flv_module --with-htt
p_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-htt
p_auth_request_module --with-http_random_index_module --with-http_secure_link_mo
dule --with-mail --with-openssl=objs.msvc8/lib/openssl-1.0.1g --with-openssl-opt
=enable-tlsext --with-http_ssl_module --with-mail_ssl_module --with-ipv6"