WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers
to read images from arbitrary web sites via a CANVAS element with an
SVG image, related to a "cross-site image capture issue."
CVE indicates this is Windows/Mac only.
Apparently I was wrong. Pretty sure we aren't affected, but will investigate further.
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.