Directory /var/log/nginx is world readable [CVE-2013-0337]

I know that at the very least, Precise, Quantal, Raring, Saucy, and Trusty are affected by this bug. I believe that Lucid may also be affected and I will have to look into that to confirm.

I have asked Colin Watson (cjwatson) to merge 1.4.4-2 from Debian to Trusty, as 1.4.4-2 contains the fix for this, as well as other Debian bugfixes.

I have the diff from Debian git (see http://anonscm.debian.org/gitweb/?p=collab-maint/nginx.git;a=commitdiff_plain;h=3a4f08671c87b7fc89e077542edfd6eb651f1803 for the diff) that applies a fix for this, and will nit-pick the specific changes from this for the security fixes for the affected Ubuntu versions.

1.4.4-2ubuntu1 was uploaded by cjwatson and was published on December 28, 2013 in Trusty. This merge of 1.4.4-2 from Debian Unstable contained the changes which closed Debian bug 701112 (which is linked to this bug). This fix is now in Trusty, however the changelog for 1.4.4-2ubuntu1 did not reference this bug number so it was not automatically "Fix Released" for Trusty.

Importance changed to "Low" with the blessings of the security team.

Marc Deslauriers (mdeslaur) on IRC stated that the CVE is getting a "Low" importance state in the tracker, so I have adjusted the importance on this bug accordingly.

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release