Auditing For Package Maintainers
If you are the maintainer of a package which is contained in the Debian archive, please consider looking over the code yourself.
The availability of source code auditing tools can ease this process significantly: even if you don't have the time to do a thorough audit yourself, you can still find areas which are potentially problematic.
Sources for maintainers
Maintainers wishing to review source code might be interested in reading the Debconf6 paper Weeding out security bugs in Debian (slides) or the notes Short, practical overview on how to find a few common mistakes in programs written in various languages (both documents written by members of the audit project).
As part of being a responsive maintainer you should also be keeping an eye on new releases of your package upstream. If the changelog mentions a security problem, you should check whether the version of the code shipped in the stable distribution is vulnerable.
If you do have a vulnerable version in the stable distribution, then please contact the security team, as described in the security team FAQ.