GnuPG follows a traditional versioning scheme where even numbers (e.g. 2.2 and 2.4) are release branches and odd numbers (2.3 and 2.5) are developer branches. So what we have to wait for is 2.4.9 fixing the vulnerabilities.
Alternatively, distributions will fix the critical ones independently. For instance, Debian 13 Trixie is using 2.4.7 and applies patches downstream. Regards
signature.asc
Description: This is a digitally signed message part
