Linus isn't saying that they are the same when deciding what to fix, he is saying that when the fixes are completed and available they should be treated the same, no matter if they are known to be security problems or not.
in part this is because many bug fixes end up fixing security problems that the author of the fix doesn't realize are there in the first place, so if you only apply fixes marked as 'security' you will not have a secure system.
other people think that someone should research all possible implications of every bugfix, and if it could be a security issue create a CVE number for it, and only after that submit the fix to be included.
personally I would rather see the person fix a couple more bugs than to have them take the time to jump through all of those hoops (never mind the fact that many fixes get tweaked after they are submitted, which would cause the need to go through all of that again)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds