Good distros should backport updates like this - the patch has been merged into several downstreams. Whilst I prefer a rolling release, this isn't the reason to do it. You could even be on a rolling release that is behind (like arch - my Gentoo box was patched for this vuln before I even understood what it was, and I could run the exploit on my arch machine days laterz until eventually the update came). Speed of response by the upstream here is more important than anything else.

I meant from a software architecture / maintenance standpoint. I assume its that much more work to backport vs just pushing the next change, I also assume this type of issue is only going to happen more thus more backporting / hotpatches ect.