diff --git a/bin/packaging-updates b/bin/packaging-updates
index 5af7b421d9481d334728ee4d847666c6ffd629c3..274d3dbbaf50444df9c87479229889144ee4af43 100755
--- a/bin/packaging-updates
+++ b/bin/packaging-updates
@@ -97,6 +97,20 @@ def compute_updates(data):
                         f"Skip update from {branch.version} to {branch.name}/{upstream['version']}, superseded by {base.name}/{base.version}"
                     )
                     continue
+                # Don't report Debian updates if they already have been imported in Apertis
+                # using the debian-security repository before being available
+                # in the main Debian repository through a point release.
+                branch_sec = branch.name + "-security"
+                base_sec = git.branches.get(branch_sec)
+                if base_sec:
+                    base_sec = types.SimpleNamespace(**base_sec)
+                    if upstream["version"] <= debian.debian_support.Version(
+                        base_sec.version
+                    ):
+                        logging.debug(
+                            f"Skip update from {branch.version} to {branch.name}/{upstream['version']}, already imported in {base_sec.name}/{base_sec.version}"
+                        )
+                        continue
             updatable(package, base, branch, upstream)
 
     return ret