Auditing For Package Maintainers
If you are the maintainer of a package contained in the Debian archive, please consider looking over its code yourself.
Source code auditing tools can ease this process significantly: even if you don't have the time for a thorough audit, they will point you at the areas of the code that are most likely to be problematic, so you can concentrate your review there.
If you require assistance, please contact either the Debian Security Team or the (public) debian-security mailing list for advice on how to conduct a source code audit.
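The kind of first pass the paragraph above has in mind, as an added example that is not part of this page or of the audit project's own tooling: a small scanner that walks a source tree and flags calls which are worth a closer look, with the reason attached. The call table, the comment-skipping heuristic and the two sample source files are constructed for illustration; a real tool such as flawfinder or rats tokenises properly and knows far more patterns, but the workflow (run the tool, then audit the hits by hand) is the same.

```python
"""Minimal source-audit helper: flag calls that commonly indicate bugs.

Added example, not part of the Debian audit project's tooling. The call
table and the sample sources below are constructed for illustration.
"""
import re
import tempfile
from pathlib import Path

# Hypothetical table: file suffix -> {call name: why a reviewer should look at it}.
RISKY_CALLS = {
    ".c": {
        "gets": "no bound on input length; always an overflow",
        "strcpy": "unbounded copy; check the destination size",
        "strcat": "unbounded append; check the remaining space",
        "sprintf": "unbounded formatting into a buffer; prefer snprintf",
        "system": "shell invocation; check for attacker-controlled arguments",
    },
    ".py": {
        "eval": "evaluates arbitrary code",
        "exec": "executes arbitrary code",
        "pickle.loads": "deserialising untrusted data executes code",
        "os.system": "shell invocation; prefer subprocess without a shell",
    },
    ".sh": {
        "eval": "re-parses its argument as shell code",
    },
}


def scan_source(text, suffix):
    """Return [(line_no, call, reason)] for risky calls in one file's text."""
    table = RISKY_CALLS.get(suffix, {})
    if not table:
        return []
    # Longest names first so 'os.system' wins over a bare 'system' if both exist.
    names = "|".join(re.escape(n) for n in sorted(table, key=len, reverse=True))
    # C/Python: the name must be followed by '(' and not be part of a longer
    # identifier or attribute (so 'strcpy_s' or 'mystrcpy' do not fire).
    # Shell: a builtin is followed by whitespace, not '('.
    tail = r"\b" if suffix == ".sh" else r"\s*\("
    pattern = re.compile(r"(?<![\w.])(" + names + r")" + tail)
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.lstrip()
        if stripped.startswith(("//", "#", "/*", "*")):
            continue  # crude comment/preprocessor skip; a real tool tokenises
        for match in pattern.finditer(line):
            call = match.group(1)
            hits.append((line_no, call, table[call]))
    return hits


def scan_tree(root):
    """Scan every file under root whose suffix is in RISKY_CALLS.

    Returns {relative path: [(line_no, call, reason), ...]} for files with hits.
    """
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in RISKY_CALLS:
            hits = scan_source(path.read_text(errors="replace"), path.suffix)
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings


# Constructed sample sources (not real package code).
SAMPLE_C = """\
#include <string.h>
/* strcpy mentioned in a comment must not count */
void copy_name(char *dst, const char *src) {
    strcpy(dst, src);          /* unbounded */
    strncpy(dst, src, 8);      /* bounded: not in the table */
    char cmd[64];
    sprintf(cmd, "ls %s", src);
    system(cmd);
}
"""

SAMPLE_PY = """\
import os, pickle
def load(blob, cmd):
    data = pickle.loads(blob)   # untrusted input
    os.system("convert " + cmd)
    return data
"""


def scan_samples():
    """Write the constructed samples into a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "src").mkdir()
        (Path(tmp) / "src" / "names.c").write_text(SAMPLE_C)
        (Path(tmp) / "src" / "loader.py").write_text(SAMPLE_PY)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, hits in scan_samples().items():
        for line_no, call, reason in hits:
            print(f"{path}:{line_no}: {call}: {reason}")
```

Each hit is a place to start reading, not a bug: the strcpy on the sample's line 4 is only a vulnerability if the destination can be smaller than the source, which is exactly the question the audit has to answer.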
Sources for maintainers
Maintainers wishing to review source code might be interested in reading the Debconf6 paper Weeding out security bugs in Debian (slides) or the notes Short, practical overview on how to find a few common mistakes in programs written in various languages (both documents written by members of the audit project).
The Weeding out security bugs in Debian paper was presented at Debconf6, Mexico, and was part of a workshop. For maintainers new to auditing, the sample code and the workshop videos might be useful.
New Releases
As part of being a responsive maintainer you should also keep an eye on new upstream releases of your package. If the upstream changelog mentions a security problem, check whether the version of the code shipped in the stable distribution is vulnerable: compare the stable version against the version in which upstream fixed the problem, and remember that a stable package may already carry a backported fix as a patch without any change to the upstream version number.
If the version in the stable distribution is vulnerable, please contact the security team, as described in the security team FAQ.