There is no list that covers all yet, especially for possible future updates/upgrades. Maybe somebody can work on this ...
That is what I could find out so far:
If a program is updated/upgraded, it will be automatically added to the software centre (and will be updated by the system), viewable also with Synaptic (needs install) and apt-cache (command line).
The page packages.ubuntu.com shows past updates, but do not inform what the future will hold.
Stable Release Update/Backport
Every SRU (Stable Release Update) and Backport is manually requested. SRUs are done only to fix an important bug. Backports are done upon request, if volunteers and resources are available.
Requests for packaging and/or backports are generally tracked as bugs. They are not really bugs, of course. But bug trackers usually track more than just bugs, see backports list.
If you poke around in Launchpad, you should quickly find the similar tracking lists for the Packaging Team, the Security Team, and the SRU Team.
There is doubt that tentative release dates are realistic for most packages, since many backporters seem to work more-or-less at random from the list. If some backporter has specific interests, then they could certainly post ETA dates in the comments and assign the package to themself.
PPAs and alternative repositories
As there are not many significant updates/upgrades that are added in the official repositories of a Ubuntu release (although this might change with future LTS releases), PPAs and alternative repositories are chosen by a lot of people, but it takes time to find them:
I would also promote a list of PPAs and alternative repositories, but this is not supported by Canonical as many PPAs and alternative repositories can cause problems to a system. But a list with the possibility of rating and comments (problem, success) would be better as the scattered information without or little feedback from the community. Unfortunately the Ubuntu brainstorm page will be closed, so I add this idea to this answer, perhaps somebody knowledgeable reads it and can work on it.
There is a related brainstorm idea regarding this topic as long as Ubuntu Brainstorm exists.
This question interests me, and I'm trying to get another four reputation points, so I can upvote a useful answer I recently found here on ask Ubuntu... so I tried to find the answer:
The ones who maintain "Universe" are the Masters of the Universe. On their mailing list there was a discussion on security updates for Drupal, in August 2014. One answer worth reading contained "This is a fundamental difference between main and universe" and "users can always opt to not install universe packages". So if this information is correct it pretty much answers your question, I would say.
Probably Debian has faster security updates over its whole set of packages, than Ubuntu has over it's Universe branch... so you might consider using that distribution instead, if you need (server) programs not included in Ubuntu "Main".
Best Answer
Software in
main
is supported by Canonical. Obviously they're not going to support every arbitrary piece of software on the internet. Software inuniverse
is inherited from Debian, where a select group of people, designated as Debian Developers, take responsibility for the maintenance of the packages they upload (even if the actual packaging is done by others). Obviously, they don't have the capability to maintain packages for every piece of software on the internet.What do people do who can't get Canonical or Debian Developers to support their software? They must find other ways, which include creating their own repository. The introduction of the PPA by Ubuntu relieved a lot of pressure on community volunteers to maintain packages, and at the same time, freed developers from a lot of the constraints imposed by the release policies of distros.
Remember that what you want may not be what somebody else wants. By sticking to a stable set of software and allowing PPAs, while the users have a slight overhead of maintaining the list of repositories, they get a lot of flexibility in getting what they need. Developers get flexibility in providing updates. Maintainers are relieved of the pressure of having to keep up to date with every arbitrary piece of software on the internet.