"Sophos has seen no evidence of any of these vulnerabilities being exploited in the wild." in bold, along with "Sophos has seen no evidence of this vulnerability being exploited in the wild." in bold on every single vulnerability. That is incredibly, incredibly disingenuous.
Don't ever downplay the severity of a vulnerability because you believe it hasn't been exploited in the wild yet. If unpatched systems remain and the vulnerability is juicy enough, people will exploit it. Statements like theirs are complete and utter bullshit; they do more harm than good for the security of their products and customer systems.
Once a patch exists (as in this case), it becomes a bit more meaningful, as the (non)existence of wild 0-day vulnerabilities is important. On the other hand if Travis could come up with more vulnerabilities than they can handle, I wouldn't be surprised to see wild 0-day exploits before the next set of patches on 11/28, as this headline will prompt more scrutiny into their product.