As spooky as it undoubtedly seems to you, the commit messages aren't addressed to PaXTeam (are
you actually an individual or a corporate entity?). Unless stated elsewhere they aren't
intended as a functional description of the changes (read the source for that), a summary of
the security consequences, an entry into a poetry contest, a running commentary on the
developer's lunch plans or a source of entropy for a random number generator. On occasion they
may serve as one or more of those things, but generally, they're a memo to the developers
working on that code. So if they fix a line which incorrectly sets foozle to NULL, don't be
surprised if the commit message is "don't touch foozle in baz" rather than "Potential security
flaw fixed, NULL dereference PaXTeam take note".

If you would like to provide blow-by-blow security commentary for every merge, I suspect at
least some people on LKML would welcome it, perhaps to a different list.

The general situation is that most bugs involving privileged code will have security
consequences. Since any large system, including all the popular general purpose operating
systems, will have such bugs, this is not very helpful information.