Do you know something about the difference about the debian xen kernel and the xen kernel? Both are not very up to date but maby, and I hope so, the debian maintainer take care of the security kernle fixes for the xen kernel. If this is right, than it is recomended to use the debian xen package (xen 3.0.31) and and not the standard xen package (xen 3.1.0). I hope somebody knows more details about it.
I think the Xen kernel is always more up-to-date. But the Debian maintainers always patch their packages, so an old version number doesn't mean that there are unpatched security holes in them.