Hi, The version in etch is still vulnerable. I have patched it for local use. Hope the diff below helps. I used the two patches from http://secunia.com/advisories/24886/ :
http://www.lighttpd.net/assets/2007/4/13/lighttpd-1.4.x_crlf_parsing_dos.patch http://www.lighttpd.net/assets/2007/4/13/lighttpd-1.4.x_zero_mtime_crash.patch Jon.
lighttpd_1.4.13.patchjvaughan
Description: Binary data
