When in comes to a noncritical exploite (any exploite that is local only is useualy considered noncritical) 10 day is a very quick response time. I have seen known vulns get unadressed by software companies for years.