Confusion regarding the affected binaries in USN links

Hi,
I actually need clarification regarding a security issue. For example, https://ubuntu.com/security/notices/USN-3891-1 mentions libsystemd0 and systemd, and https://ubuntu.com/security/notices/USN-3855-1 mentions only systemd. So does this mean that for USN-3891-1 we need to update both libsystemd0 and systemd, but for USN-3855-1 upgrading only the systemd package will fix the vulnerabilities? Actually, https://packages.ubuntu.com/search?suite=all&section=all&arch=any&searchon=sourcenames&keywords=systemd mentions a lot of other binaries for the source systemd. Yes, we understand that you previously mentioned that upgrading only a few binaries might break the package dependencies. But here we are concerned mainly with resolving the security issue, and if a binary has a dependency on some other binary, it would automatically upgrade the other one. So, is it sufficient to upgrade the binaries mentioned in the USN links to fix the security issues, ignoring the other binaries?

The issue was previously asked in https://answers.launchpad.net/ubuntu/+question/701006/, where it was suggested that security questions be asked here.

The list of binary packages mentioned in each USN is meant to indicate the most likely binary packages which need to be upgraded for the USN. This is a subset of the binary packages which are created when a source package is updated. The reason the security team creates this subset list is to avoid listing all the packages in the USN itself, as they can often be quite long and hence make the USN hard to read.

Ideally all the binary packages related to a USN would be upgraded when a security update is performed, as then you can be sure you don't miss part of the update (i.e. it is possible that when creating a USN the engineer makes a mistake and forgets to include a binary package in the package subset list).

My recommendation would be to upgrade all binary packages, not just those listed in the USN, to ensure you are completely covered.

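As an added example (not code from this thread or from Ubuntu's tooling), the script below does what the reply recommends in a checkable way: it takes a dpkg-query dump, finds every installed binary package built from a given source package, and reports the ones still below the fixed version, so binaries the USN did not list are caught as well. The dpkg-query output and the fixed version 237-3ubuntu10.13 are constructed placeholders, not the real versions from USN-3891-1 or USN-3855-1; the version comparison is a Python port of dpkg's own ordering algorithm so the check runs on hosts without dpkg.

```python
"""Report installed binaries of a source package that are older than a fixed version.

Added example, not part of the original thread. On a real Ubuntu host feed it:
  dpkg-query -W --showformat='${source:Package}\t${Package}\t${Version}\t${Status}\n'
"""
import subprocess
import sys


def _order(c):
    """dpkg's character weight: end-of-string and digits 0, '~' before everything."""
    if c is None or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Port of dpkg's verrevcmp(): alternate non-digit and numeric segments."""
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        first_diff = 0
        while (i < la and not a[i].isdigit()) or (j < lb and not b[j].isdigit()):
            ac = _order(a[i] if i < la else None)
            bc = _order(b[j] if j < lb else None)
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < la and a[i] == "0":  # leading zeros are insignificant
            i += 1
        while j < lb and b[j] == "0":
            j += 1
        while i < la and j < lb and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < la and a[i].isdigit():  # longer number wins
            return 1
        if j < lb and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(v):
    """[epoch:]upstream[-revision] -> (epoch, upstream, revision) as dpkg parses it."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(v1, v2):
    """Return -1, 0 or 1 like `dpkg --compare-versions` would order v1 against v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    c = _verrevcmp(u1, u2) or _verrevcmp(r1, r2)
    return -1 if c < 0 else (1 if c > 0 else 0)


def unpatched_binaries(dpkg_output, source, fixed_version):
    """Installed binaries built from `source` whose version is below `fixed_version`.

    Every binary of the source package is examined, not only those a USN lists.
    """
    stale = []
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        src, pkg, ver, status = line.split("\t")
        if src != source or not status.endswith(" installed"):
            continue  # other source package, or only config files left behind
        if compare_versions(ver, fixed_version) < 0:
            stale.append((pkg, ver))
    return sorted(stale)


# Constructed sample, not captured from a real host; the fixed version is a
# placeholder, take the real one from the USN you are checking.
SAMPLE_DPKG_OUTPUT = """\
systemd\tsystemd\t237-3ubuntu10.9\tinstall ok installed
systemd\tlibsystemd0\t237-3ubuntu10.9\tinstall ok installed
systemd\tlibpam-systemd\t237-3ubuntu10.9\tinstall ok installed
systemd\tudev\t237-3ubuntu10.13\tinstall ok installed
systemd\tlibudev1\t237-3ubuntu10.13\tinstall ok installed
systemd\tsystemd-container\t237-3ubuntu10.9\tdeinstall ok config-files
bash\tbash\t4.4.18-2ubuntu1.2\tinstall ok installed
"""
FIXED_VERSION = "237-3ubuntu10.13"  # hypothetical


def live_dpkg_query():
    """Dump the installed package database; only works where dpkg exists."""
    fmt = "${source:Package}\\t${Package}\\t${Version}\\t${Status}\\n"
    return subprocess.run(["dpkg-query", "-W", "--showformat=" + fmt],
                          check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # usage: script.py SOURCE FIXED_VERSION  (queries dpkg); no args uses the sample
    if len(sys.argv) == 3:
        rows = unpatched_binaries(live_dpkg_query(), sys.argv[1], sys.argv[2])
    else:
        rows = unpatched_binaries(SAMPLE_DPKG_OUTPUT, "systemd", FIXED_VERSION)
    for pkg, ver in rows:
        print(f"{pkg} {ver} is below the fixed version")
```

With the sample data the output lists libpam-systemd, libsystemd0 and systemd, while udev and libudev1 are already at the fixed version and systemd-container is skipped because only its configuration files remain. Against a real host, `apt-get install --only-upgrade` on the reported names (or a plain `apt-get upgrade`) then brings the whole set level.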