LTS report May 2024
===================

1. Frontdesk duties from 03.06.2024 until 10.06.2024. I have been triaging and
   investigating CVE in libarchive, libvpx, nano, gnome-shell, r-base, snapd,
   libmodbus, libndp, pymongo, tcpdf, cyrus-imapd, unbound, php7.3, bluez,
   clojure, fprintd, freerdp2, netplan.io, python-aiosmtpd,
   qtnetworkauth-everywhere-src, scikit-learn, sredird, vte, vte2.91,
   mariadb-10.3 and golang-1.11.

2. I prepared and tested a security update for ghostscript fixing 5 CVE in
   buster which is due to be released.

3. I have been working on CVE-2024-4577 and CVE-2024-5458 in php7.3.

4. I started to get an overview about CVE-2024-33655 in unbound, a problem
   which is also casually known as "DNSBomb". Since there are no specific
   patches for the supported 1.9 branch, we will have to adjust the upstream
   changes on their master branch and verify they work for Buster.