$ grep nginx /etc/passwd
I think I'm safe. Now installing updates patches bash.
Anyway, I've seen that syntax before (I'm talking of years here), on #bash in freenode.
Simply nobody did apply this from a security view point in the channel...