2 files changed, 11 insertions, 2 deletions

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index e154ef40d7c..964fc9ab424 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,9 @@
+2008-05-14  Simon Marshall  <simon@gnu.org>
+
+	* obsolete/fast-lock.el (fast-lock-cache-directories): Remove "."
+	from its default value and give it the risky-local-variable
+	property (CVE-2008-2142).
+
 2008-05-14  Kenichi Handa  <handa@m17n.org>
 
 	* language/korean.el ("Korean"): Set `iso639-language'
diff --git a/lisp/obsolete/fast-lock.el b/lisp/obsolete/fast-lock.el
index 0b85618ec1d..eba7b5bd3e4 100644
--- a/lisp/obsolete/fast-lock.el
+++ b/lisp/obsolete/fast-lock.el
@@ -270,7 +270,7 @@ for buffers in Rmail mode, and size is irrelevant otherwise."
 				      (integer :tag "size")))))
   :group 'fast-lock)
 
-(defcustom fast-lock-cache-directories '("." "~/.emacs-flc")
+(defcustom fast-lock-cache-directories '("~/.emacs-flc")
 ; - `internal', keep each file's Font Lock cache file in the same file.
 ; - `external', keep each file's Font Lock cache file in the same directory.
   "*Directories in which Font Lock cache files are saved and read.
@@ -288,12 +288,15 @@ For example:
  ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\")
 
 would cause a file's current directory to be used if the file is under your
-home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'."
+home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'.
+For security reasons, it is not advisable to use the file's current directory
+to avoid the possibility of using the cache of another user."
   :type '(repeat (radio (directory :tag "directory")
 			(cons :tag "Matching"
 			      (regexp :tag "regexp")
 			      (directory :tag "directory"))))
   :group 'fast-lock)
+(put 'fast-lock-cache-directories 'risky-local-variable t)
 
 (defcustom fast-lock-save-events '(kill-buffer kill-emacs)
   "*Events under which caches will be saved.