Comment 2 for bug 1994989

Thanks for taking the time to report this bug and helping to make Ubuntu better.
I've taken the time to triage some lighttpd CVEs and that should soon be reflected in the CVE web page.
I've downgraded the priority for that CVE specifically as it is 32-bit specific and hard to exploit according to upstream.

Since the package referred to in this bug is in universe, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures