Thank you very much, I have not known about checkrestart. But I see a lot of false positives in its output: deleted file, which is open by a process, does not mean that the process should be restarted. For example, imapd & apache on my system are always shown as "need to be restared", even when freshly restarted. Similar problem exists with sshd (as "sshd restart" does not kill client sessions).
However, my point was about content of security alert. I've never seen DSA which tells you something like "After libxml upgrade, use checkrestart to find the processes which should be restarted. Before such restart, the vulnerability is not really fixed in your system". All alerts pretend that the problem is fixed by package upgrade.