Comment 2 for bug 298051

This bug was fixed in the package tomcat5.5 - 5.5.26-5ubuntu1

---------------
tomcat5.5 (5.5.26-5ubuntu1) jaunty; urgency=low

  * Merge from debian unstable (LP: #298043), remaining changes:
    - debian/control: add libecj-java builddep to fix FTBFS with default-jdk
    - debian/rules: Set java source and target version to 1.5
    - debian/rules: Don't fail install if Tomcat cannot be started
    - debian/tomcat5.5.init: Fix JVM list to match java2-runtime-headless
      providers, and do not refuse using JREs
    - debian/tomcat5.5.install: Don't install catalina.policy
  * debian/changelog: Removed duplicate entries
  * debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051)
  * debian/rules: dropped Ubuntu-specific TearDown implementation which might
    break LifecycleListener

tomcat5.5 (5.5.26-5) unstable; urgency=medium

  * Merge changes from Ubuntu:
    - Use default-jre-headless, default-jdk as preferred alternatives.
    - tomcat5.5.init: Fix JDK list to match default-jre, java-6-openjdk
      and java-6-cacao. Closes: #495235.
    - tomcat5.5.postinst: Removed superfluous /etc/tomcat5.5/tomcat5.5 linking.
      Closes: #498487.
  * debian/copyright: Reference Apache 2.0 license in /usr/share/common/licenses

tomcat5.5 (5.5.26-4) unstable; urgency=high

  * Security issues fixed.
    - CVE-2008-1232: Cross-site scripting
    - CVE-2008-2370: Information disclosure
    - CVE-2008-2938: Directory traversal. Closes: #496309.

tomcat5.5 (5.5.26-3ubuntu3) intrepid; urgency=low

  * Set java source and target version to 1.5 (LP: #264808)

 -- Thierry Carrez <email address hidden> Tue, 18 Nov 2008 13:52:48 +0100