This month I had 10 hours and I spent my 10 hours on the following
* Researched CVE-2016-9013 in python-django and found to be not worthy of
* Upload fixed version of python-django.
* CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True.
* Upload fixed version of lynx-cur.
* CVE-2016-9179: invalid URL parsing with '?'.
* Research monit CVE-2016-7067 CSRF issue.
* Research asterisk. Ask if it is supported in Wheezy. Add links to upstream
advisories in secure-testing.
Brian May <email@example.com>