(In reply to Andrea Mattiazzo from comment #1) > The packages below are or contain embedded packages that are vulnerable to > CVE-2024-50602. > > Tracking as affected: > - openSUSE:Factory/gammaray contains embedded package: libexpat > (R_2_0_1-33-ge3e81a6) > Seems irrelevant for openSUSE. Only Windows builds would be affected if KDStateMachineEditor isn't used (Gammaray < 3rdparty/KDStateMachineEditor < graphviz < expat for the 3rdparty chain)