package: src:lighttpd severity: serious version: 1.4.28-2 tag: security lighttpd just released a security announcement: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt This was assigned the following CVEs: SQL injection - use CVE-2014-2323. path traversal - use CVE-2014-2324. Best wishes, Mike