Thanks, I guess I was wondering, given that there are over 20,000 packages that Debian maintain, what is the meaning of what you call 'exposure'? I understand that bugs appear over time. I can tell you for a fact I like Debian rhythmbox more than any rhythmbox I encountered when using (and keeping up to date with) Ubuntu. It used to buckle and close a lot. It doesn't on Debian 7.1.
Would, for instance, libreoffice be frozen by Debian at a particular point, with only the addition of bug-fixes? I can't imagine that that approach would be practical, but it's what I'm led to believe. What's going on?
Debian freezes the version of every package in the testing repository shortly before release. The idea is that to create a stable release there should be no changes that add, remove, or otherwise break existing functionality. Once frozen (said to be "in release freeze"), the software in the testing repository is extensively checked for consistency (all dependencies, recommends, and suggests must be installable), stability (measured by bug reports during the freeze), and upgradeability (all software in the previous Debian release must have a clean upgrade path available and all changes that break assumptions from the previous release must be thoroughly documented). Since software is constantly evolving, the most practical way to accomplish this is to stop updating the software with the latest upstream releases at a certain point in time. That is why the software in Debian stable releases is often said to be "old".
However, the age of the software does not imply that it is not secure. The Debian Security Team takes security very seriously. They track the vulnerabilities found in software in the archive and backport the necessary patches (or write new patches if they must) to make sure that every piece of software in the archive is secure. Although all of the patches the Security Team produces will make it into the stable archive eventually, there is a two-week delay for most packages while updates are vetted and tested. Obviously this is not ideal for security fixes, which is why the Security Team maintains their own archive (security.debian.org) which is added to the sources.list of all Debian installations by default. Security updates are delivered immediately through that repository before they eventually filter down to the other relevant release repositories.
Bugs filed against software in the stable repository will be fixed while that release is still supported. (Debian Squeeze and Wheezy are both currently supported stable releases, designated oldstable and stable respectively.) However, due to the restrictions imposed on software in a stable release and given the finite amount of time package maintainers have to work on their packages, only bugs marked "severe" and "release-critical" are likely to be fixed in stable releases. If bugs with lower severity are still relevant to the version of the package available in Debian Testing or Unstable, the package maintainer is much more likely to fix them so they will make it into the next stable release. (Therefore filing bugs of any severity is not futile.) Since the severity of bugs is so important to release tracking, as you can see from my brief description, package maintainers and the Security Team reserve the right to change the severity of any bug at their discretion. Unfortunately, users occasionally file bugs with a much higher priority than they deserve just so the bug will be looked at. The maintainer of the affected package is assumed to have a much greater understanding of the internals of the software than the user and is hence allowed to change the severity of any bug filed against his package at his discretion. As a courtesy, maintainers will often also comment on the bug explaining why the severity was changed. Similarly, the Security Team sometimes needs to change the severity of a bug when it relates to a pending security vulnerability, for obvious reasons.
If you are interested in installing the latest version of LibreOffice on Debian Wheezy, you can do so through the backports repository. There is a backports repository provided for every Debian stable release for those who want the latest version of select packages. It is up to the maintainers of each package to decide whether they want to include their package in the backports repository, although many do for popular packages (such as LibreOffice and VLC). Packages in backports then track the version of that package in testing. This helps to ensure that a stable installation with backports installed will be cleanly upgradeable to the next stable release. However, APT's default policy dictates that even after adding the backports repository to your installation, software from it will not be automatically installed. You have to manually install it by temporarily giving packages in backports priority via your APT front-end. For example, you could install (or upgrade) LibreOffice in Wheezy from backports using apt-get as follows:

    sudo apt-get install -t wheezy-backports libreoffice

Once software is installed from backports it will track new releases in backports by default. So following the previous example, when a new version of LibreOffice is added to Wheezy Backports it will be installed with your system updates with no further intervention required.
I hope my answer satisfied your curiosity. If not, feel free to ask me more questions. I have some understanding of Debian's internal procedures from the perspective of a package maintainer.
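The backports behaviour described in the answer above, worked through as a small model of APT's candidate selection. This is an added example, not part of the original post and not APT's own code: the function names and the package versions are constructed for illustration, while the priorities (500 for a normal archive, 100 for an installed version and for backports, 990 for the suite named with -t) are APT's documented defaults from apt_preferences(5).

```python
# Simplified model of APT's candidate selection at default priorities
# (no /etc/apt/preferences pins). Versions and suite contents are constructed.

STABLE, BACKPORTS, TARGET, INSTALLED = 500, 100, 990, 100

def vkey(version):
    # Dotted-integer compare only; real Debian versions need dpkg's ordering.
    return tuple(int(part) for part in version.split("."))

def candidate(available, installed=None, target=None):
    """available: list of (version, suite). Returns (version, priority)."""
    best = {}
    for version, suite in available:
        if suite == target:
            prio = TARGET            # apt-get -t <suite>
        elif suite.endswith("-backports"):
            prio = BACKPORTS         # NotAutomatic + ButAutomaticUpgrades
        else:
            prio = STABLE
        best[version] = max(best.get(version, 0), prio)
    if installed is not None:
        best[installed] = max(best.get(installed, 0), INSTALLED)
        # APT does not downgrade unless a pin of 1000 or more forces it.
        best = {v: p for v, p in best.items() if vkey(v) >= vkey(installed)}
    # Highest priority wins; ties go to the newest version.
    version = max(best, key=lambda v: (best[v], vkey(v)))
    return version, best[version]

ARCHIVE = [("3.5.4", "wheezy"), ("4.1.4", "wheezy-backports")]

def walkthrough():
    steps = {}
    # 1. Backports enabled, nothing requested: stable version stays the candidate.
    steps["default"] = candidate(ARCHIVE, installed="3.5.4")
    # 2. apt-get install -t wheezy-backports libreoffice
    steps["with_t"] = candidate(ARCHIVE, installed="3.5.4", target="wheezy-backports")
    # 3. Later plain upgrade after backports publishes 4.2.1: no -t needed.
    later = ARCHIVE + [("4.2.1", "wheezy-backports")]
    steps["later"] = candidate(later, installed="4.1.4")
    return steps

if __name__ == "__main__":
    for name, (version, prio) in walkthrough().items():
        print(f"{name:8} -> {version} (priority {prio})")
```

On a real system, apt-cache policy libreoffice prints the priorities and candidate that APT actually computed, which is the quickest way to confirm that a package is following backports or the security archive as intended.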