@olverjia you've got the right idea, but for the wrong reason, IMO. One nasty vulnerability is not the same as a long track record of nasty vulnerabilities. (GNU/Linux has the latter too, though.)
I still pretty safe with Ubuntu, this was patched when it was discovered as a potential vulnerability.