Did you even read the Secunia links you posted? Both unpatched vulnerabilities require usage of Apache's mod_ftp module, which I've honestly never even seen used as most hosts and general servers use external (and hardened) FTP software like ProFTPd:
Successful exploitation requires that a threaded Multi-Processing Module is used and that the mod_proxy_ftp module is enabled. (...) An error in the included APR-util library can be exploited to trigger hangs in the prefork and event MPMs on Solaris.
And the second (first in order on the site) unpatched vulnerability deals strictly with a mod_ftp input validation issue. Again, I rarely even see mod_ftp even used as opposed to an entirely seperate FTP server daemon but disabling the faulty module is simple enough in environments requiring absolute security.
And input validation issues are usually patched fairly quickly anyways, I mean come on, this is 2009 and there are too many developers for the project that wouldn't let this sort of thing continue for this amount of time. Not to mention the fact that these unpatched vulnerabilities are nothing compared to the olde IIS Webdav exploit of a few years ago - too bad there wasn't a community aware of it sooner other than the underground black hats already using it to their advantage by the time it was brought to the attention of MS.