Comment 12 for bug 1370416

@xor
Hi, my theory is "it's probably not possible for the apt and its front-ends to determine which update was security update after the update has been moved to -updates channel(until the developers decided to change the 'move-to-updates' policy)", I suggest you to upgrade all packages no matter it is from -updates channel or -security channel to keep your system safe, for my system I setup upgrade all packages from all channels(except -proposed) automatically in background using the unattended-upgrade mechanism and currently, hasn't encountered any problem.