diff -Nru tomcat7-7.0.68/debian/changelog tomcat7-7.0.68/debian/changelog --- tomcat7-7.0.68/debian/changelog 2018-10-24 18:59:54.000000000 +0000 +++ tomcat7-7.0.68/debian/changelog 2018-10-30 13:30:59.000000000 +0000 @@ -1,3 +1,12 @@ +tomcat7 (7.0.68-1ubuntu0.4) xenial-security; urgency=medium + + * SECURITY REGRESSION: security manager startup issue (LP: #1799990) + - debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch: + update to new /var/lib/tomcat7/policy location. + - debian/tomcat7.postrm.in: remove policy directory. + + -- Eduardo Barretto Tue, 30 Oct 2018 09:54:52 -0300 + tomcat7 (7.0.68-1ubuntu0.3) xenial-security; urgency=medium * SECURITY UPDATE: Timing attack can determine valid user names. diff -Nru tomcat7-7.0.68/debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch tomcat7-7.0.68/debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch --- tomcat7-7.0.68/debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch 2016-02-18 09:23:48.000000000 +0000 +++ tomcat7-7.0.68/debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch 2018-10-30 13:15:56.000000000 +0000 @@ -5,6 +5,7 @@ Make sure catalina.sh uses the Debian/Ubuntu java.security.policy file location when Tomcat is started with a security manager. +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1799990 Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802 Bug-Debian: http://bugs.debian.org/585379 Forwarded: not-needed @@ -14,30 +15,30 @@ --- a/bin/catalina.sh 
+++ b/bin/catalina.sh -@@ -283,7 +283,7 @@ +@@ -283,7 +283,7 @@ if [ "$1" = "debug" ] ; then -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -sourcepath "$CATALINA_HOME"/../../java \ -Djava.security.manager \ - -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ -+ -Djava.security.policy=="$CATALINA_BASE"/work/catalina.policy \ ++ -Djava.security.policy=="$CATALINA_BASE"/policy/catalina.policy \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ -Djava.io.tmpdir="$CATALINA_TMPDIR" \ -@@ -310,7 +310,7 @@ +@@ -310,7 +310,7 @@ elif [ "$1" = "run" ]; then eval exec "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \ -Djava.security.manager \ - -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \ -+ -Djava.security.policy=="\"$CATALINA_BASE/work/catalina.policy\"" \ ++ -Djava.security.policy=="\"$CATALINA_BASE/policy/catalina.policy\"" \ -Dcatalina.base="\"$CATALINA_BASE\"" \ -Dcatalina.home="\"$CATALINA_HOME\"" \ -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \ -@@ -376,7 +376,7 @@ +@@ -376,7 +376,7 @@ elif [ "$1" = "start" ] ; then eval "\"$_RUNJAVA\"" "\"$LOGGING_CONFIG\"" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="\"$JAVA_ENDORSED_DIRS\"" -classpath "\"$CLASSPATH\"" \ -Djava.security.manager \ - -Djava.security.policy=="\"$CATALINA_BASE/conf/catalina.policy\"" \ -+ -Djava.security.policy=="\"$CATALINA_BASE/work/catalina.policy\"" \ ++ -Djava.security.policy=="\"$CATALINA_BASE/policy/catalina.policy\"" \ -Dcatalina.base="\"$CATALINA_BASE\"" \ -Dcatalina.home="\"$CATALINA_HOME\"" \ -Djava.io.tmpdir="\"$CATALINA_TMPDIR\"" \ diff -Nru tomcat7-7.0.68/debian/tomcat7.postrm.in tomcat7-7.0.68/debian/tomcat7.postrm.in --- tomcat7-7.0.68/debian/tomcat7.postrm.in 2018-10-19 13:46:31.000000000 +0000 +++ tomcat7-7.0.68/debian/tomcat7.postrm.in 2018-10-30 13:29:55.000000000 +0000 
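Review bot: The three rewritten `-Djava.security.policy==` arguments (debug, run and start branches) now depend on `$CATALINA_BASE/policy/catalina.policy` existing, yet nothing visible in this debdiff creates that directory or generates the file, so the generator and the launcher could drift apart again, as they apparently did for LP #1799990. Because `==` makes this the only policy file consulted, a missing or unreadable file is likely to break startup under the security manager rather than fall back to a default. I would guard each launch with a readability check such as `[ -r "$CATALINA_BASE/policy/catalina.policy" ] || { echo "catalina.policy not found in $CATALINA_BASE/policy" >&2; exit 1; }` and state in the patch description which script generates the file. It is also worth confirming that `policy/` is root-owned and not writable by the Tomcat service account, since the file defines the sandbox; the enclosing `if`/`elif` branches start and end outside the hunk.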
@@ -8,6 +8,7 @@ # Remove cached files and auto-generated catalina.policy rm -rf /var/cache/tomcat7/* +rm -rf /var/lib/tomcat7/policy case "$1" in remove)
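Review bot: The added `rm -rf /var/lib/tomcat7/policy` sits above `case "$1" in`, so it runs for every postrm action, upgrade and failed-upgrade included, not only remove or purge. That is safe only if the policy file is regenerated before each Tomcat start; if that holds, say so in the comment, e.g. `# Remove cached files and the auto-generated policy directory (regenerated at service start; runs on every postrm action)`, otherwise move the line into the `remove`/`purge` arm. The path is also hard-coded, while catalina.sh reads `$CATALINA_BASE/policy`, so instances with a different CATALINA_BASE are presumably not cleaned here. The `case` body continues outside the hunk.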