I have 42 updates this morning between the two computers on which I run Debian. These include a new kernel and updates for things ranging from cpio and tar to texlive to apt to openssl to gtk2. And that’s just scratching the surface. As has been the case the last few times I’ve updated, the patches precede their announcements. I’ll try to remember to look later and update for a summary of their severity. My hunch is that some of these are probably pretty serious (openssl, gtk2, tar/cpio).
One thing I noticed has not updated via Debian (non-free) even though I have it set up: Adobe Flash. I recommend manually updating that (if you use it) and using whatever tools or plugins your browser uses to allow Flash to work on a per-site basis (see my article explaining how to block Flash by default in IE8). This page at Adobe will show you what version of Flash you’re using to compare with the latest versions available. You can download the DEB or RPM and install per those respective tools, or you can get the tarball, extract, and copy over the existing libflashplayer.so (path for Debian: /usr/lib/flashplugin_nonfree/libflashplayer.so) or to your $HOME/.mozilla/plugins directory.