These are all security issues fixed in the lighttpd-1.4.37-1.6 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "lighttpd-mod_cml": "1.4.37-1.6", "lighttpd-mod_trigger_b4_dl": "1.4.37-1.6", "lighttpd": "1.4.37-1.6", "lighttpd-mod_magnet": "1.4.37-1.6", "lighttpd-mod_mysql_vhost": "1.4.37-1.6", "lighttpd-mod_geoip": "1.4.37-1.6", "lighttpd-mod_webdav": "1.4.37-1.6", "lighttpd-mod_rrdtool": "1.4.37-1.6" } ] }