Best way to help get CVE's addressed

hello - i was hoping to find the best place to help address outstanding 
CVE's for python pkgs.  i noticed charlie's last comment in this bug:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294246#c20

i understand that it is a lot of effort to keep on top of these patches. 
since i run python systems for work i would like to do my fair share to 
help get these patched in a timely manner.  my goal would be to have 
"pkg audit" be clean for my python webapp servers.

i searched bugzilla and wasn't sure if we are filing reports for each 
CVE and tracking there, or are our efforts better spent focusing on 
getting a newer default python out the door?

-pete

-- 
Pete Wright
pete@nomadlogic.org