Debian Linux Security Advisory 3738-1 - Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.
8028bec437fa228aa9afd33369c757ee09d5b8098a5f487ad4cc3e28b24b9e87