Another issue with trying to apply just security updates for older point updates is that newer updates may be built differently. On 5.3, a package may not require another package be installed. But at some point later on, say, 5.5, it may gain a dependency. So if you try to install it, it may fail. if you are maintaining a system that is not directly connected to the internet, that can be an issue. I suppose that if it is, then you can end up having to upgrade more packages than you originally expected.