This issue is tracked for Gentoo as
https://bugs.gentoo.org/show_bug.cgi?id=221197 and classified
a security bug. The bug report currently contains bug fixes
for GNU Emacs 21.4 and 22.2.

It looks like the 21.4 patch can be applied to fast-lock.el in
edit-utils directly. I'm not 100% sure about the
'risky-local-variable, although that it also used in align.el
and desktop.el.

"Marshall, Simon" <Simon.Marshall@misys.com> provides patch in
<6EE216E1AA959543A555C60FF34FB767041E7950@maileube01.misys.global.ad\
> on emacs-devel.

================================================================
Dear Bug Team!

The attached message was seen on emacs-devel.  Claimed to affect
XEmacs too.

================================================================

-------------- next part --------------
An embedded message was scrubbed...
From: unknown sender
Subject: no subject
Date: no date
Size: 6367
Url: http://calypso.tux.org/pipermail/xemacs-tracker/attachments/20080510/17968bcb/welinder.eml
-------------- next part --------------
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta@xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta