For a security update of a shared library to take effect processes need to be restarted in order to use the libraries from the newly installed package. The openssl and freetype updates got me thinking again if I caught all the affected services on servers and desktops/laptop systems I'm running.
So I put together a small script that takes a package name and scans /proc/pid/maps for processes that map libraries from this package, it then looks for init scripts in these packages. It can also hook into apt and restart the services after the upgrade. Since the mapping to the init scripts is quite dumb at the moment this should be used with a bit of caution though.
The script whatmaps can be fetched form here. Debs are also available. Besides Debian packages it also handles RPMs and already proved useful since it pointed me to clamav being possibly affected by the recent bzip2 advisory.