--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lighttpd/patches/CVE-2015-3200.patch Tue May 26 06:49:06 2015 -0700
@@ -0,0 +1,16 @@
+Patch origin: in-house
+Patch status: submitted to upstream
+
+http://redmine.lighttpd.net/issues/2646
+
+--- src/http_auth.c
++++ src/http_auth.c
+@@ -857,7 +857,7 @@
+
+ /* r2 == user:password */
+ if (NULL == (pw = strchr(username->ptr, ':'))) {
+- log_error_write(srv, __FILE__, __LINE__, "sb", ": is missing in", username);
++ log_error_write(srv, __FILE__, __LINE__, "s", ": is missing in decoded base64-string");
+
+ buffer_free(username);
+ return 0;