Seven years ago I wrote a quick ruby script called dsafilter which would verify the PGP signature on a Debian Security Advisory (DSA), determine which source package was mentioned in the mail, establish which binary packages are built from that source package and see whether any of them were installed on the current host.
Future plans included ways of checking package lists for multiple hosts.
Recently I had an enquiry about the script. I hadn't realised that the code had disappeared off the face of the web. I've now reinstated it and uploaded it to github. Hopefully people may find it useful!