lighttpd security advisories report:
It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list.
In certain cases setuid() and similar can fail, potentially triggering lighttpd to restart running as root.
If FAMMonitorDirectory fails, the memory intended to store the context is released; some lines below the "version" compoment of that context is read. Reading invalid data doesn't matter, but the memory access could trigger a segfault.