Refer to USN-2165-1 for the OpenSSL notice on this vulnerability, and about it being fixed. This applies to libssl as well.
I am almost certain nginx doesn't static-link to libssl. Again, I'll double check this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1304304 Title: nginx ubuntu package possibly affected by CVE 2014-0160 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1304304/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
