Please see at /usr/share/doc/festival/changelog.Debian.gz
festival (1.96~beta-7) unstable; urgency=high
* Do not start festival server by default.
(Closes: #466796)
* Revert use of debconf.
* debian/festival.preinst:
+ Check for obsolete configuration files.
* debian/{festival.init,festival.scm}: Now example files,
documented with warnings about potential security
issues by their use.
* debian/README.Debian: Document server start details.
And at /usr/share/doc/festival/examples/festival.init (Ubuntu 12.04 LTS) says:
# WARNING: It is inherently insecure to run a festival instance as a
# server, mainly because it exposes the whole system to exploits which
# can be easily used by attackers to gain access to your
# computer. This is because of the inherent design of the festival
# server. Please use it only in a situation where you are sure that
# you will not be subjected to such an attack, or have adequate
# security precautions.
NOT A BUG !!! DESIGN SECURITY PROBLEM !!!
Please see at /usr/share/ doc/festival/ changelog. Debian. gz
festival (1.96~beta-7) unstable; urgency=high
* Do not start festival server by default. festival. preinst: {festival. init,festival. scm}: Now example files, README. Debian: Document server start details.
(Closes: #466796)
* Revert use of debconf.
* debian/
+ Check for obsolete configuration files.
* debian/
documented with warnings about potential security
issues by their use.
* debian/
-- Kumar Appaiah <email address hidden> Thu, 21 Feb 2008 09:40:52 +0530
And at /usr/share/ doc/festival/ examples/ festival. init (Ubuntu 12.04 LTS) says:
# WARNING: It is inherently insecure to run a festival instance as a
# server, mainly because it exposes the whole system to exploits which
# can be easily used by attackers to gain access to your
# computer. This is because of the inherent design of the festival
# server. Please use it only in a situation where you are sure that
# you will not be subjected to such an attack, or have adequate
# security precautions.
I found this, also: http:// www.securityfoc us.com/ bid/25069/ discuss
This affects only local users who can escalate to root privileges. So, if you are (alone) using your own desktop, don't worry.