I concur with spender's remark: the vulnerabilities could have been selected to underline a real problem with security and not just metrics with a DoS nobody will ever trigger (the ext4 one is a joke).
However, the handling of the ptrace vuln is very representative of the state of security in the Linux world.
Nobody cares about real security. The only progress that has been made in actual security in a _mainline_ distro was in Ubuntu with the work of Kees Cook. Distros don't care about security, Linus doesn't care either so we're stuck with a platform with very little progress in 10 years.
The support for signed kernel modules is quite representative too: it's been implemented because of UEFI, 10 years too late (in Linus' words).
Seeing the awesome work in grsecurity and PaX being ignored is depressing. The discussion about the inclusion of grsecurity in Debian is quite revealing: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090 :( It leads to fragmentation: people with security needs manage and maintain their own grsecurity kernel and just don't even try to push it upstream because of the refusals they will get...
Microsoft, which was despised for its horrible security 10 years ago, has made such progress that Linux is considerably behind now. I just hope we'll be able to catch up.