diff --git a/patches/nginx-1.2.7-cve-2013-2070.patch b/patches/nginx-1.2.7-cve-2013-2070.patch
new file mode 100644
index 0000000..0154107
--- /dev/null
+++ b/patches/nginx-1.2.7-cve-2013-2070.patch
@@ -0,0 +1,13 @@
+--- src/http/modules/ngx_http_proxy_module.c
++++ src/http/modules/ngx_http_proxy_module.c
+@@ -1865,6 +1865,10 @@ data:
+ 
+     }
+ 
++    if (ctx->size < 0 || ctx->length < 0) {
++        goto invalid;
++    }
++
+     return rc;
+ 
+ done:
diff --git a/patches/nginx-1.2.8-cve-2013-2070.patch b/patches/nginx-1.2.8-cve-2013-2070.patch
new file mode 100644
index 0000000..0154107
--- /dev/null
+++ b/patches/nginx-1.2.8-cve-2013-2070.patch
@@ -0,0 +1,13 @@
+--- src/http/modules/ngx_http_proxy_module.c
++++ src/http/modules/ngx_http_proxy_module.c
+@@ -1865,6 +1865,10 @@ data:
+ 
+     }
+ 
++    if (ctx->size < 0 || ctx->length < 0) {
++        goto invalid;
++    }
++
+     return rc;
+ 
+ done:
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index 4d77eec..0ad3ef5 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -146,6 +146,10 @@ if [ "$answer" = "N" ]; then
     echo
 fi
 
+echo "$info_txt applying patches/nginx-$main_ver-cve-2013-2070.patch for nginx"
+patch -p0 < $root/patches/nginx-$main_ver-cve-2013-2070.patch || exit 1
+echo
+
 rm -f *.patch || exit 1
 
 cd .. || exit 1
diff --git a/util/ver b/util/ver
index afb940a..596254c 100755
--- a/util/ver
+++ b/util/ver
@@ -2,7 +2,7 @@
 
 #main_ver=1.3.11
 main_ver=1.2.8
-minor_ver=1
+minor_ver=3
 version=$main_ver.$minor_ver
 echo $version