Madaidan’s Insecurities (though it is biased, unmaintained, and promotes some fearmongering) does a better job at covering this issue (compared to Privacy Guides) by including examples. PrivSec expands on this by including other examples of Debian’s patching process introducing vulnerabilities.
As I understand it, this is ultimately an issue with any stable release distribution which freezes packages, so Fedora can still be affected by this, just to a much lesser extent than Debian. The only way to avoid the issue of frozen packages is to use a rolling-release distro, which comes with its own set of problems.