diff -u lighttpd-1.4.11/debian/patches/00list lighttpd-1.4.11/debian/patches/00list
--- lighttpd-1.4.11/debian/patches/00list
+++ lighttpd-1.4.11/debian/patches/00list
@@ -1,0 +2,2 @@
+05_security_zero_mtime_crash
+
diff -u lighttpd-1.4.11/debian/changelog lighttpd-1.4.11/debian/changelog
--- lighttpd-1.4.11/debian/changelog
+++ lighttpd-1.4.11/debian/changelog
@@ -1,3 +1,11 @@
+lighttpd (1.4.11-3ubuntu3.2) dapper-proposed; urgency=low
+
+ * Added relevant security fix from 1.4.14 (Closes LP: #107628)
+ - DOS with files with mtime 0 (CVE-2007-1870)
+ security_zero_mtime_crash
+
+ -- Scott Kitterman Tue, 24 Apr 2007 12:04:01 -0400
+
 lighttpd (1.4.11-3ubuntu3.1) dapper-proposed; urgency=low
 
 * debian/init.d: Update to current Debian script
only in patch2:
unchanged:
--- lighttpd-1.4.11.orig/debian/patches/05_security_zero_mtime_crash.dpatch
+++ lighttpd-1.4.11/debian/patches/05_security_zero_mtime_crash.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 05_security_zero_mtime_crash.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad lighttpd-1.4.11~/src/server.c lighttpd-1.4.11/src/server.c
+--- lighttpd-1.4.11~/src/server.c 2006-03-04 12:12:17.000000000 -0500
++++ lighttpd-1.4.11/src/server.c 2007-04-24 12:06:32.000000000 -0400
+@@ -159,6 +159,7 @@
+ #undef CLEAN
+
+ for (i = 0; i < FILE_CACHE_MAX; i++) {
++ srv->mtime_cache[i].mtime = (time_t)-1;
+ srv->mtime_cache[i].str = buffer_init();
+ }
+
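Review bot: The new `.dpatch` header still reads `## DP: No description.`, so nothing in the patch file itself ties the one-line change in `src/server.c` to the security fix named in the changelog; replace it with something like `## DP: Initialise mtime_cache[].mtime to (time_t)-1 instead of 0 (CVE-2007-1870, fix taken from 1.4.14)`. The added assignment would also benefit from a comment such as `/* (time_t)-1 marks an unused slot; 0 is a legitimate file mtime */`, since the choice of sentinel is the whole fix. The code that reads `mtime_cache` is not part of this hunk, so it is worth confirming that no lookup there still treats `mtime == 0` as the empty-slot marker, and what happens if a file's mtime happens to equal `(time_t)-1`. The enclosing function in `server.c` begins and ends outside the hunk.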