LTS report May 2024 =================== 1. Frontdesk duties from 03.06.2024 until 10.06.2024. I have been triaging and investigating CVE in libarchive, libvpx, nano, gnome-shell, r-base, snapd, libmodbus, libndp, pymongo, tcpdf, cyrus-imapd, unbound, php7.3, bluez, clojure, fprintd, freerdp2, netplan.io, python-aiosmtpd, qtnetworkauth-everywhere-src, scikit-learn, sredird, vte, vte2.91, mariadb-10.3 and golang-1.11. 2. I prepared and tested a security update for ghostscript fixing 5 CVE in buster which is due to be released. 3. I have been working on CVE-2024-4577 and CVE-2024-5458 in php7.3. 4. I started to get an overview about CVE-2024-33655 in unbound, a problem which is also casually known as "DNSBomb". Since there are no specific patches for the supported 1.9 branch, we will have to adjust the upstream changes on their master branch and verify they work for Buster.