Debian Security Advisory 1609-1 - Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.
47d9590cba1f0e6cca6378a35e695f31a892c064c75b91017f061d6d7867e0f4
Gentoo Linux Security Advisory GLSA 200803-10 - lighttpd contains a calculation error when allocating the global file descriptor array (CVE-2008-0983). Furthermore, it sends the source of a CGI script instead of returning a 500 error (Internal Server Error) when the fork() system call fails (CVE-2008-1111). Versions less than 1.4.18-r2 are affected.
360b597a94cb9975c44c892646eff653429144ecb590d27194b2bb0ecb765dc3