Hi, The application we are using uses Eclipse Equinox, which is an OSGI framework. It is not trying to parse the debian version number, it is trying to parse the version of exported OSGI packages. This is used to resolve dependencies and is a core feature of OSGI.
It looks like the offending version number comes from the Export-Package[1] attribute in /usr/share/tomcat7/lib/tomcat-jdbc.jar:/META-INF/MANIFEST.MF In the stable package (7.0.56-3+deb8u11), the version reads "7.0.56" In the security update (7.0.56-3+really7.0.88-1) it reads "7.0.56-3+really7.0.88" This simply isn't a valid version specification, see e.g. http://www.eclipse.org/virgo/documentation/virgo-documentation-3.7.0.M01/docs/virgo-user-guide/html/ch02s02.html#d0e341 The stable package must have set this version number independently. If this is actually 7.0.88, I suggest that that should be put in there. EmTeedee [1]: the complete attribute looks like this: Export-Package: org.apache.tomcat.jdbc.naming;uses:="javax.naming,org. apache.juli.logging,javax.naming.spi";version="7.0.56",org.apache.tom cat.jdbc.pool;uses:="org.apache.juli.logging,javax.sql,org.apache.tom cat.jdbc.pool.jmx,javax.management,javax.naming,javax.naming.spi,org. apache.tomcat.jdbc.pool.interceptor";version="7.0.56",org.apache.tomc at.jdbc.pool.interceptor;uses:="org.apache.tomcat.jdbc.pool,org.apach e.juli.logging,javax.management.openmbean,javax.management";version=" 7.0.56",org.apache.tomcat.jdbc.pool.jmx;uses:="org.apache.tomcat.jdbc .pool,org.apache.juli.logging,javax.management";version="7.0.56"