The only security specific mention in the first document is about a HTTP server patch for 18.104.22.168/6 which is part of alert #68.
The second document lists hundreds of bug fixes but specifically lists alert 68 in the general section (no details). It is also listed again in the security and denial of service section, in advanced / secure network section there is a bug mentioned (3889519) that say’s there are errors with data transfer with SSL when security patch 68 is installed. There is also a bug about importing a wrapped password verification function. There are nine bugs fixed in Oracle label security. There are 6 specific errors fixed in the row level security functionality.
It is important to apply new patch sets as they quite often fix "silent" security bugs. These are security bugs that are not part of a security alert. This could be because these security issues are not reported as such by the finder of the problem.