I know the development team is furiously working to get 5.6 out the door so I understand that there will be delays. However, it was my understanding that "Critical" security updates and those that are "remotely exploitable" would be pushed out ahead of 5.6.
That is my understanding, too. However, I see that the only "Critical" one on your list is java-1.6.0-sun. This is not included in CentOS...
As far as I understand this is a highly untrivial task and breaks the "binary compatible" rule. Nevertheless, this was attempted one or two dot releases ago, I think as an experiment as much as anything.
I am not sure how the CentOS team thought of that exercise, in hindsight. I would be interested in knowing. From the explanation that Russ gave, it was a mighty effort, as far as I remember.