This been patched before the CVE was assigned a week ago as part of bug #915582 in dev-qt/qtsvg-6.6.0-r1. Unpatched 6.6.0-r0 only existed in the tree for two days. 6.5.2 and 6.5.3 should not be affected, the changes that caused this missed the release window and were scheduled for 6.5.4