7.3. Security Tracker
The central database of what the Debian security teams know about vulnerabilities is the http://security-tracker.debian.net. It cross references packages, vulnerable and fixed versions for different suites, CVE names, Debian bug numbers, DSA’s and miscellaneous notes. It can be searched, e.g. by CVE name to see which Debian packages are affected or fixed, or by package to show unresolved security issues. The only information missing from the tracker is confidential information that the security team received under embargo.
The package debsecan
uses the information in the tracker to report to the administrator of a system which of the installed packages are vulnerable, and for which updates are available to fix security issues.