http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt All distros currently at 1.4.13.
Since 1.4.15 doesn't seem to break any configuration syntax (I've tested an update on a few servers, some with complex setups), I've decided to update all currently supported branches to 1.4.15, which contains these fixes. Note that the CVE-2007-1869 bug was already fixed in the devel and EL-5 branches, but they hadn't yet been rebuilt.
Branches FC-5, FC-6 and devel (to become F7) have been updated. No EL packages yet, since lua is still missing from EPEL.