freetype

[URGENT] Confirmation of Fixes for CVE's in 2.12.1


From: Arenas, Aaron
Subject: [URGENT] Confirmation of Fixes for CVE's in 2.12.1
Date: Wed, 29 Jun 2022 21:07:39 +0000

Hello Werner & freetype Team,

Can you confirm which, or if all, of the following fixes/patches/commits that 
resolve the issues and CVE's below are incorporated into the latest available 
version, 2.12.1?

Fix/Patch (i.e. commit): 53dfdcd8<https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db>
Issue: #1138<https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138>
CVE: CVE-2022-27404<https://nvd.nist.gov/vuln/detail/CVE-2022-27404>

Fix/Patch (i.e. commit): 22a0cccb<https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5>
Issue: #1139<https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139>
CVE: CVE-2022-27405<https://nvd.nist.gov/vuln/detail/CVE-2022-27405>

Fix/Patch (i.e. commit): 0c2bdb01<https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2>
Issue: #1140<https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140>
CVE: CVE-2022-27406<https://nvd.nist.gov/vuln/detail/CVE-2022-27406>

I see that version 2.12.1 was released 1 month ago 
here<https://gitlab.freedesktop.org/freetype/freetype/-/commit/e8ebfe988b5f57bfb9a3ecb13c70d9791bce9ecf>
 and that these fixes were committed 3 months ago. I would have expected the 
fixes to be incorporated. But it's unclear based on the results of the code 
scan and changelog.

Additional Background
I am building an application using Electron. The latest pre-built Electron 
binary (19.0.6) contains freetype. Upon packaging my app and performing a code 
scan, this component and version were flagged with CVE's. I need to resolve 
these to mitigate any security risk associated with freetype.

If we could resolve this promptly, it would be greatly appreciated. Time is of 
the essence on my end.

Thank you,
Aaron
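
Added example, not part of the original message and not FreeType project code: one way to check locally whether each fix commit listed above is an ancestor of the 2.12.1 release commit linked in the message, using git merge-base --is-ancestor. The function names and the ./freetype clone path are assumptions; the clone must be a full (not shallow) clone of the upstream repository.

```shell
#!/bin/sh
# Added example (not FreeType project code). Function names are hypothetical.

# commit_in_release REPO RELEASE COMMIT
#   returns 0 if COMMIT is an ancestor of RELEASE (the fix is in the release),
#           1 if it is not,
#           2 if the answer cannot be trusted (unknown object or shallow clone).
commit_in_release() {
    repo=$1; release=$2; commit=$3
    # A shallow clone lacks history, so ancestry checks give false negatives.
    [ "$(git -C "$repo" rev-parse --is-shallow-repository 2>/dev/null)" = false ] || return 2
    git -C "$repo" cat-file -e "${release}^{commit}" 2>/dev/null || return 2
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null || return 2
    if git -C "$repo" merge-base --is-ancestor "$commit" "$release"; then
        return 0
    fi
    return 1
}

# check_fixes REPO RELEASE COMMIT...
#   prints one status line per commit; returns 0 only if all are included.
check_fixes() {
    repo=$1; release=$2; shift 2
    missing=0
    for c in "$@"; do
        rc=0
        commit_in_release "$repo" "$release" "$c" || rc=$?
        case $rc in
            0) echo "$c: included in $release" ;;
            1) echo "$c: NOT included in $release"; missing=1 ;;
            *) echo "$c: cannot decide (object missing or shallow clone)"; missing=1 ;;
        esac
    done
    return "$missing"
}

# Example call with the hashes from the message (./freetype is an assumed
# path to a full clone of the upstream repository):
#   check_fixes ./freetype e8ebfe988b5f57bfb9a3ecb13c70d9791bce9ecf \
#       53dfdcd8198d2b3201a23c4bad9190519ba918db \
#       22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 \
#       0c2bdb01a2e1d24a3e592377a6d0822856e10df2
if [ "$#" -ge 3 ]; then
    check_fixes "$@"
fi
```

A non-zero exit status means at least one commit is either not reachable from the release commit or could not be checked in this clone.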

