* New upstream version (LP: #260016) - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802) - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922) - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926) * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release) * control: Improve short descriptions for the binary packages * copyright: Added link to /usr/share/common-licenses/Apache-2.0 * control: To pull the right JRE, libtomcat6-java now depends on default-jre-headless | java6-runtime-headless