lighttpd 1.4.53-3 is marked for autoremoval from testing on 2019-05-19 It is affected by these RC bugs: 926885: lighttpd: CVE-2019-11072