This bug was fixed in the package nginx - 1.4.6-1ubuntu3.1
--------------- nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) - debian/patches/CVE-2014-3616.patch: include hash of certificate in session id context in src/event/ngx_event_openssl.c. - CVE-2014-3616 -- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 08:56:46 -0400
This bug was fixed in the package nginx - 1.4.6-1ubuntu3.1
---------------
nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) patches/ CVE-2014- 3616.patch: include hash of certificate in ngx_event_ openssl. c.
- debian/
session id context in src/event/
- CVE-2014-3616
-- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 08:56:46 -0400