Sometimes a newer version of popular packages may no longer support older config options. So either you have to painstakingly port all the old config options to the new ones, or hold off on updating the applications at all. One way to do it would be to only upgrade the packages that you do want to upgrade like this:
apt-get install --only-upgrade packagename, but the problem with this way of upgrading individual packages is that you there is always a chance that you might accidentally do a full upgrade like this (like I usually do)
apt-get update && apt-get upgrade.
So it’s better to put these packages on hold so that they don’t show up on update notifications at all. Like this:
sudo apt-mark hold packagename and this way there is no chance that you might accidentally do an upgrade on packages that you don’t want to upgrade. You can also easily unhold a package like this:
sudo apt-mark unhold packagename. To find out all the packages that have been put on hold, you grep your installed packages for “hold” keyword, like this:
# dpkg --get-selections | grep "hold" libvarnishapi1 hold nginx hold nginx-common hold nginx-full hold php5-fpm hold varnish hold