You've got a point there, but I'd ask why not remove the packages that aren't being used? Here's some of the raw data about which system libraries are lagging in security patches:
liblwres90 1:9.9.5.dfsg-3ubuntu0.6
mysql-common 5.5.46-0ubuntu0.14.04.2
libmysqlclient-dev 5.5.46-0ubuntu0.14.04.2
libmysqlclient18 5.5.46-0ubuntu0.14.04.2
rsync 3.1.0-2ubuntu0.1
bind9-host 1:9.9.5.dfsg-3ubuntu0.6
libisccc90 1:9.9.5.dfsg-3ubuntu0.6
libisc95 1:9.9.5.dfsg-3ubuntu0.6
dnsutils 1:9.9.5.dfsg-3ubuntu0.6
linux-libc-dev 3.13.0-74.118
libbind9-90 1:9.9.5.dfsg-3ubuntu0.6
libxml2 2.9.1+dfsg1-3ubuntu4.6
libdns100 1:9.9.5.dfsg-3ubuntu0.6
libxml2-dev 2.9.1+dfsg1-3ubuntu4.6
libisccfg90 1:9.9.5.dfsg-3ubuntu0.6
