Two security issues have been found in the Tomcat servlet and JSP engine:
For the oldstable distribution (squeeze), these problems have been fixed in
version 6.0.35-1+squeeze3. This update also provides fixes for
CVE-2012-2733,
CVE-2012-3546,
CVE-2012-4431,
CVE-2012-4534,
CVE-2012-5885,
CVE-2012-5886 and
CVE-2012-5887,
which were all fixed for stable already.
For the stable distribution (wheezy), these problems have been fixed in
version 6.0.35-6+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your tomcat6 packages.