CVE-2009-1698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1698): WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Patched here: https://bugs.gentoo.org/show_bug.cgi?id=279187 *** This bug has been marked as a duplicate of bug 279187 ***
kdelibs done doesn't mean other webkit implementations are not fixed.
eh s/not//
Changing whiteboard so this can be wrapped into a webkit-gtk GLSA.
No GLSA for you.