I've been testing older tickets with Ymir. Testing CVE-2025-15538 in Assimp, which is bundled in qt6-qtquick3d, Ymir finds out there is no upstream fix for this issue, however, it should check whether this library or the affected part of the library is used and built as part of the package. In this case the issue is in LWOImporter, but on closer inspection it can be seen this code is not built as part of the Qt module, which means the triage should end up as NOT AFFECTED, but ends up requiring further input.
I've been testing older tickets with Ymir. Testing CVE-2025-15538 in Assimp, which is bundled in
qt6-qtquick3d, Ymir finds out there is no upstream fix for this issue, however, it should check whether this library or the affected part of the library is used and built as part of the package. In this case the issue is inLWOImporter, but on closer inspection it can be seen this code is not built as part of the Qt module, which means the triage should end up asNOT AFFECTED, but ends up requiring further input.