The point of -stable is that the patches are so small that the users can
generally decide for themselves. In larger -stables, you can follow
the 'look at the drivers in use and upgrade if some of them are things you
use and the bugfix looks significant' approach: for smaller ones (like
security releases), you can often get away with simply reading the patch
itself, even if (like me) you're not a kernel hacker.
(Of course this doesn't work if you can't read a little C...)