June was the second month I contributed to Debian LTS under the Freexian umbrella. In total I spent ten hours working on:
libwmf: research on CVE-2015-4588 and CVE-2015-0848. This resulted in DLA-253-1. RedHat's Bug#1227243 was a great resource here.
librack-ruby: research on CVE-2015-3225. This resulted in DLA-254-1.
Besides that I did CVE triaging of 17 CVEs to check if and how they affect oldoldstable security. The information provided by the Security team on these issues in data/CVE/list is an awesome help here. So I tried to be as verbose when triaging CVEs that weren't looked at for Wheezy or Jessie yet.
On non LTS time I patched our lts-cve-triage tool to allow to skip packages that are already in dla-needed.txt. This avoids wasting time on CVEs that were already triaged.
