Comment 7 for bug 1253691

cjwatson has told me that they will merge 1.4.4 from Debian into Trusty, once it's listed in `rmadison -u debian nginx`. Since nginx 1.4.4 has a fix for this CVE included in it, that should fix this bug for Trusty. (nginx 1.4.4 from Debian also addresses other bugs and issues in the Debian package, and is not yet displayed in rmadison because it was only uploaded today)