Comment 7 for bug 692996
Josep Pujadas-Jubany (jpujades) wrote :

NOT A BUG !!! DESIGN SECURITY PROBLEM !!!

Please see /usr/share/doc/festival/changelog.Debian.gz:

festival (1.96~beta-7) unstable; urgency=high

  * Do not start festival server by default.
    (Closes: #466796)
  * Revert use of debconf.
  * debian/festival.preinst:
    + Check for obsolete configuration files.
  * debian/{festival.init,festival.scm}: Now example files,
    documented with warnings about potential security
    issues by their use.
  * debian/README.Debian: Document server start details.

 -- Kumar Appaiah <email address hidden> Thu, 21 Feb 2008 09:40:52 +0530

And /usr/share/doc/festival/examples/festival.init (Ubuntu 12.04 LTS) says:

# WARNING: It is inherently insecure to run a festival instance as a
# server, mainly because it exposes the whole system to exploits which
# can be easily used by attackers to gain access to your
# computer. This is because of the inherent design of the festival
# server. Please use it only in a situation where you are sure that
# you will not be subjected to such an attack, or have adequate
# security precautions.

I also found this: http://www.securityfocus.com/bid/25069/discuss

This affects only local users who can escalate to root privileges. So, if you are (alone) using your own desktop, don't worry.