Candidate: CVE-2010-3996
PublicDate: 2010-11-05 17:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3996
Description:
 festival_server in Centre for Speech Technology Research (CSTR) Festival,
 probably 2.0.95-beta and earlier, places a zero-length directory name in
 the LD_LIBRARY_PATH, which allows local users to gain privileges via a
 Trojan horse shared library in the current working directory.
Ubuntu-Description:
Notes:
 debian> From Lenny onwards we don't include the server component)
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_a:
upstream_festival: released (2.1.0)
dapper_festival: ignored (reached end-of-life)
hardy_festival: ignored (reached end-of-life)
karmic_festival: ignored (reached end-of-life)
lucid_festival: ignored (reached end-of-life)
maverick_festival: ignored (reached end-of-life)
natty_festival: ignored (reached end-of-life)
oneiric_festival: ignored (reached end-of-life)
precise_festival: ignored (reached end-of-life)
precise/esm_festival: DNE (precise was needs-triage)
quantal_festival: ignored (reached end-of-life)
raring_festival: ignored (reached end-of-life)
saucy_festival: ignored (reached end-of-life)
trusty_festival: not-affected (1:2.1~release-6ubuntu1)
trusty/esm_festival: DNE (trusty was not-affected [1:2.1~release-6ubuntu1])
utopic_festival: ignored (reached end-of-life)
vivid_festival: ignored (reached end-of-life)
vivid/stable-phone-overlay_festival: DNE
vivid/ubuntu-core_festival: DNE
wily_festival: ignored (reached end-of-life)
xenial_festival: not-affected (1:2.1~release-6ubuntu1)
yakkety_festival: ignored (reached end-of-life)
zesty_festival: ignored (reached end-of-life)
artful_festival: ignored (reached end-of-life)
bionic_festival: not-affected (1:2.1~release-6ubuntu1)
cosmic_festival: not-affected (1:2.1~release-6ubuntu1)
devel_festival: not-affected (1:2.1~release-6ubuntu1)