Hi folks,

This is a question about understanding changes in recent new release.
I want to understand how new release e.g. 2.28.7 fix the vulnerable described in https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/.

Want to check that if following commits in new release, for example 2.28.7, are the actual commits for fixing the vulnerable above:

42175031ca48e2fba62b97fc802e5df33d5221ff
4fe396f1e1aa84346e23b89435a251624c205035
aa6760d7b5d9a218eaf072f4155974f58b00986b
601bffc4cec7c78cfc6b64048379172578fce13c

In short, they are first 4 commits in I found https://github.com/Mbed-TLS/mbedtls/compare/v2.28.6...v2.28.7

Thank you for any  help you can provide!

Best,
Yuxiang