Comment 6 for bug 1663318

This is https://bz.apache.org/bugzilla/show_bug.cgi?id=57544

It wasn't handled as a security issue at the time. I suspect because it wasn't clear what was triggering the loop.

The fix is (for 7.0.x):
http://svn.apache.org/viewvc?view=revision&revision=1657910
http://svn.apache.org/viewvc?view=revision&revision=1658209

This looks like it needs to be reported to the Debian folks. The Debian maintainer for Tomcat has recently been made a Tomcat committer. I'll ping him.