Distributions face the MoinMoin and Rails vulnerabilities

Folks running Debian can use debsecan, which will run nightly and download the database of CVE issues, match it against locally install packages and send a mail if there are changes in the list of security issues present or of there are security updates available. The database relies on security folks keeping up to date with the flow of CVEs but is fairly easy to contribute to:

http://packages.debian.org/sid/debsecan
http://security-tracker.debian.org/tracker/data/report