These are all security issues fixed in the tomcat-8.0.36-3.3 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "tomcat-lib": "8.0.36-3.3", "tomcat-jsvc": "8.0.36-3.3", "tomcat-webapps": "8.0.36-3.3", "tomcat-embed": "8.0.36-3.3", "tomcat-docs-webapp": "8.0.36-3.3", "tomcat-servlet-3_1-api": "8.0.36-3.3", "tomcat": "8.0.36-3.3", "tomcat-el-3_0-api": "8.0.36-3.3", "tomcat-admin-webapps": "8.0.36-3.3", "tomcat-javadoc": "8.0.36-3.3", "tomcat-jsp-2_3-api": "8.0.36-3.3" } ] }