AEA Lighttpd CVE-2014-2323

EAS installs default lighttpd v1.4.30.
This version has a known vulnerability at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323

Is there any update for this possible problem?