Posted by colby
Debian security updates are only maintained for the stable version, however in the testing/unstable versions security fixes are incorporated as quickly as possible. Debian security updates are backported from newer versions to the "stable" version -- if the version of a package in "stable" was 2.0.1 and the upstream fixed version was 2.2.4, the fix would be backported to the 2.0.1 version instead of having you upgrade to 2.2.4.
Security updates are fetched with a special apt source. Place this in your /etc/apt/sources.list to receive security updates:
stable/updates main contrib non-free
Debian also maintains Security documentation and two mailing lists for security purposes.
The Debian Security FAQ
The Securing Debian Manual
The debian-security-announce mailing list (announce only)
The debian-security mailing list (discussion)