diff --git a/patches/nginx-1.2.7-cve-2013-2070.patch b/patches/nginx-1.2.7-cve-2013-2070.patch
new file mode 100644
index 0000000..0154107
--- /dev/null
+++ b/patches/nginx-1.2.7-cve-2013-2070.patch
@@ -0,0 +1,13 @@
+--- src/http/modules/ngx_http_proxy_module.c
++++ src/http/modules/ngx_http_proxy_module.c
+@@ -1865,6 +1865,10 @@ data:
+ 
+     }
+ 
++    if (ctx->size < 0 || ctx->length < 0) {
++        goto invalid;
++    }
++
+     return rc;
+ 
+ done:
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index c4210a7..66b6251 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -143,6 +143,10 @@ echo "$info_txt applying the run_posted_requests_in_resolver patch for nginx"
 patch -p1 < $root/patches/nginx-$main_ver-run_posted_requests_in_resolver.patch || exit 1
 echo
 
+echo "$info_txt applying patches/nginx-$main_ver-cve-2013-2070.patch for nginx"
+patch -p0 < $root/patches/nginx-$main_ver-cve-2013-2070.patch || exit 1
+echo
+
 rm -f *.patch || exit 1
 
 cd .. || exit 1
diff --git a/util/ver b/util/ver
index 68aa35c..49e9ea4 100755
--- a/util/ver
+++ b/util/ver
@@ -2,7 +2,7 @@
 
 #main_ver=1.3.11
 main_ver=1.2.7
-minor_ver=6
+minor_ver=8
 version=$main_ver.$minor_ver
 echo $version