Debian: New tomcat5.5 packages fix several vulnerabilities
LinuxSecurity.com: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.
