The patch vulnerability seems more severe to me, as people apply patches all the time (they shouldn't do it as root, but people are people).
It's concerning that the holeybeep.ninja site exploited an unrelated fault for 'fun' without apparently telling anyone. Tony