A security update has been sent to Debian's security team and we expect that the current open issues in Stretch will be fixed in due time. Please note that Tomcat 7 in Stretch is not vulnerable to any of those issues because we only build the servlet API.
Regards, Markus
signature.asc
Description: OpenPGP digital signature