lighttpd got a new release which fixes a lot of security issues. Just check the provided url for a description. Would be nice to get it in portage quickly (even if a lot of other bugs aren't fixed :( ). Reproducible: Always
Already fixed in 1.4.15-r1 for Bug 185442, not a security issue for us.
*lighttpd-1.4.16 (05 Aug 2007) 05 Aug 2007; Thilo Bangert <bangert@gentoo.org> +files/1.4.16/03_all_lighttpd-1.4.11-errorlog-pipe.diff, +files/1.4.16/04_all_lighttpd-1.4.13-deprecated-ldap-api.diff, +lighttpd-1.4.16.ebuild: version bump