lighttpd 1.4.53-4 is marked for autoremoval from testing on 2019-05-20 It is affected by these RC bugs: 926885: lighttpd: CVE-2019-11072