"Some vulnerabilities have been reported in lighttpd, which can be exploited by
malicious people to bypass certain security restrictions or cause a DoS (Denial
CVE-2007-3946 Lighttpd SA 2007:04-07
CVE-2007-3947 Lighttpd SA 2007:03
CVE-2007-3949 Lighttpd SA 2007:08 (patch:
? Lighttpd SA 2007:09
Lighttpd 1.4.16 has just been released, and rebuilt for all current Fedora and
EPEL branches. Packages are waiting to be pushed.
lighttpd-1.4.16-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.