Collecting all issues that were fixed in the r40220->1.1.10 bump
bug 284109 - WebKit Clickjacking (CVE-2009-1681) bug 284110 - WebKit Event Handler XSS (CVE-2009-1684) bug 284116 - WebKit GC ACE/DoS (CVE-2009-1687) bug 284121 - WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690) bug 284124 - WebKit HTMLSelectElement ACE/DoS (CVE-2009-1692) bug 284128 - WebKit Frame/Page transition XSS (CVE-2009-1695)
bug 284131 - WebKit HTTP header CRLF injection (CVE-2009-1697) bug 284132 - WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698) bug 284137 - WebKit JS DOM "dir" attribute Use-after-free (CVE-2009-1701) bug 284138 - WebKit Location and History XSS (CVE-2009-1702) bug 284140 - WebKit file: URL file existence disclosure (CVE-2009-1703) bug 284147 - WebKit Remote loading of Java applets is not prohibited (CVE-2009-1712) bug 284153 - WebKit Drag event Information Disclosure (CVE-2009-1718) bug 271865 - net-libs/webkit-gtk XML nested A infinite loop (CVE-2009-1233)
the oldest version of webkit in portage is version 1.1.15.4 so this should maybe be marked fixed?
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.