On Tue, Feb 19, 2008 at 12:16:14PM +0100, Nico Golde wrote: > Hi Tim, > this is somehow strange, this CVE id was already fixed in > 1.4.3-21 referring to the security tracker (see bug #435445 > for reference). > > Did this fix got lost somewhere in the package history?
Dear Nico, It appears that the troublesome issue of running festival as a less privileged user was handled in the last upload. However, what was not handled was the restriction of accesss to localhost by default, and the necessity to introduce a password for this purpose. The last upload, which Tim has checked a few times, introduces this feature, and thus, makes the security aspect a bit more complete. Hope this is fine. Thanks for the follow up. Kumar -- Kumar Appaiah, 458, Jamuna Hostel, Indian Institute of Technology Madras, Chennai - 600 036
signature.asc
Description: Digital signature
