it looks like webkit is tagged as not-affected for CVE-2008-3950 in the security tracker [1], but there has been no discussion on the matter in this report. is the tracker data accurate? and if so, i think that this bug can safely be closed. mike [1] http://security-tracker.debian.net/tracker/CVE-2008-3950