[graue]

Shoot, no patch for the 1.2.x series? That's disappointing. It's not that old, is it? I feel like I upgraded to 1.2.x, which was then the newest stable branch, just over a year ago.

[BobVerg]

It's _that_ old.

As I know, 1.2.x actually is obsoleted since May 2013, and there is no more support or bugfixes after this date.

[nashe]

Unfortunately, Debian's stable version is 1.2.1.

[FooBarWidget]

Just use third party APT packages.

You can either use the Phusion Passenger one: https://www.phusionpassenger.com/install_debian

Or the Nginx.org one: http://nginx.org/en/linux_packages.html

Both support Debian 6 and 7, and both supply the latest Nginx stable version.

[mappu]

Debian does commit to security support for packages in main, i expect they will backport the patch to their current version and send notification from security-announce when an update is released. Also keep an eye on https://security-tracker.debian.org/tracker/CVE-2013-4547

[Fuxy]

Ironically I'm getting an SSL error from them and it forces you to use https.

[BobVerg]

Last time it took them six months to do so.

[zzzcpan]

There is a patch for older versions: http://nginx.org/download/patch.2013.space.txt And nginx -V will show you how to rebuild it manually.