There's obviously a way to check to see when an update is a security update. I often get greeted by a motd that says "there are N security updates."

What I'd like to do is have my server email me a list of what packages need updating for security reasons.

To take it a step further, the email would link to the applicable security notification from Ubuntu.

Basically, each server is somewhat unique. I've received several emails on the security mailing list for packages I do not have install on any/all servers. So I'd like each individual server to tell me what it needs. That way I can apply updates in a timely manner, while avoiding restarting services like Apache that would cause users to have some downtime.

How could I do this?