This update for gpg2 fixes the following issues:
- CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396).
- CVE-2026-24883: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value (bsc#1257395).
- gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389).