What would seem to be the oldest bug in the list is labeled as CVE-2011-2391. It is described as kernel bug which could allow a DOS, via high CPU load, when an attacker sends specially-crafted IPv6 ICMP packets. The CVE designator may be mistaken, as that bug is listed in the CVE database as assigned but unused.
But the update also fixes several bugs from 2012 and one from 2011 in the libxml library. Apple updated the version of libxml to the current stable version, which was released just over a year ago.
The bugs were reported to Apple from dozens of outside sources including Microsoft and Fortinet. 24 of the 80 were reported to Apple by Google.