First of all, thanks for filing this bug and trying to make Ubuntu better. As commented in #2 by Eduardo, tomcat8 is an universe package which means it is community maintained. I am subscribing ~ubuntu-server to this bug which will add it to the Ubuntu Server team backlog (community team) and anyone can grab it and work on it.
If you are not familiar with the packaging work needed but you are willing to learn I can try to guide you through this process. The documentation linked above is a good start for security updates but you can also check this page to understand how to contribute to universe packages: https://wiki.ubuntu.com/MOTU/Contributing Let me know if you want some guidance or have any question. ** Changed in: tomcat8 (Ubuntu) Status: New => Triaged ** Also affects: tomcat9 (Ubuntu) Importance: Undecided Status: New ** Changed in: tomcat9 (Ubuntu) Status: New => Fix Released ** Also affects: tomcat8 (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: tomcat9 (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: tomcat9 (Ubuntu Focal) Status: New => Triaged ** Also affects: tomcat8 (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: tomcat9 (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: tomcat9 (Ubuntu Bionic) Status: New => Triaged ** Changed in: tomcat8 (Ubuntu) Status: Triaged => Invalid ** Changed in: tomcat8 (Ubuntu Bionic) Status: New => Triaged ** Changed in: tomcat8 (Ubuntu Focal) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1885738 Title: Apache Tomcat HTTP/2 Denial of Service Vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1885738/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs