Dreamless
Hsing Foo means that the smeserver (6.0.1) is still secure if being used in it's original form.
As I understand it, more recently identified vulnerabilities in various packages do not affect the default installation of the server.
If you have modified your server or installed applications or package updates, then that is another matter.
I'm aware that php needs updating re a security issue if you use php apps. There is a script available, do a search.
As you say, you also need to monitor any apps you have installed (via mail lists etc) and ensure that they are updated to the latest versions when security issues are discovered in those apps eg phpBB, gallery, phpmyadmin etc.
Less is sometimes better, & more secure.