diff -Nru nginx-1.4.6/debian/changelog nginx-1.4.6/debian/changelog
--- nginx-1.4.6/debian/changelog 2014-09-17 08:58:58.000000000 -0400
+++ nginx-1.4.6/debian/changelog 2014-10-22 09:42:31.000000000 -0400
@@ -1,3 +1,10 @@
+nginx (1.4.6-1ubuntu3.2) trusty-security; urgency=medium
+
+ * debian/conf/sites-available/default: Remove SSLv3 from the ssl_protocols
+ line in the default config example, due to POODLE vulnerability.
+
+ -- Thomas Ward Wed, 22 Oct 2014 09:42:04 -0400
+
 nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium

 * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
diff -Nru nginx-1.4.6/debian/conf/sites-available/default nginx-1.4.6/debian/conf/sites-available/default
--- nginx-1.4.6/debian/conf/sites-available/default 2014-03-04 17:25:36.000000000 -0500
+++ nginx-1.4.6/debian/conf/sites-available/default 2014-10-22 09:41:59.000000000 -0400
@@ -102,7 +102,7 @@
 #
 # ssl_session_timeout 5m;
 #
-# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
 # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
 # ssl_prefer_server_ciphers on;
 #
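Review bot: The new `ssl_protocols` line in debian/conf/sites-available/default is still commented out, so this hunk changes only the example text: a server block that enables SSL without an explicit `ssl_protocols` directive falls back to nginx's built-in default, which for the 1.4 series I believe still includes SSLv3. Sites that already modified this conffile will probably not pick the change up on upgrade either. I would say so next to the directive, e.g. `# set ssl_protocols explicitly; the built-in default of this nginx version still enables SSLv3`. The trailing comment also uses a typographic apostrophe (`don’t`) in an otherwise ASCII config file; plain `# don't use SSLv3, ref: POODLE` avoids encoding surprises. The commented-out HTTPS server block this line belongs to begins and ends outside the hunk.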