This doesn't appear to be valid to me, given the "fix" suggested above.
All that code does is to check that the Referrer header is equal to the site itself. However, the referrer header is controlled by the requesting source, in that it comes from the headers of the browser making the request to add a comment. So a spammer sending to the comments form post process directly could, rather trivially, bypass your "fix".
Given that, this doesn't appear to be a valid vulnerability in the first place. The point of somebody making a POST request to the wp-comment-post.php file is to, simply, post a comment. Any request to this that is valid should make the comment, while spam should be handled by anti-spam systems such as Akismet. Requiring a referrer check doesn't mitigate this except in the "club" sense. Adding such a referrer check to core, for example, would simply mean that every spam-bot out there would just be modified to start including the referrer header in their POSTs.
That said, there was a separate issue in 3.3.1 involving the redirect after comments. The suggested patch above would not fix it, but that's okay because the issue in question was fixed in WordPress 3.4 as well as backported for WordPress 3.3.2.
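A small model of the point made in the comment above, added here as an example and not code from the thread or from WordPress: a same-site Referer check only ever sees a header string that the client supplied. It is written in Python rather than WordPress's PHP, and the site URL, header values and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

SITE_URL = "https://blog.example/"  # constructed site address (assumption)


def referer_check_passes(headers, site_url=SITE_URL):
    """Model of a same-site Referer check: accept only if the Referer
    header's scheme and host match the site's own."""
    referer = headers.get("Referer", "")
    if not referer:
        return False
    ref, site = urlsplit(referer), urlsplit(site_url)
    return (ref.scheme, ref.hostname) == (site.scheme, site.hostname)


# Constructed requests to the comment handler. Every field, including
# Referer, is whatever the sending client chose to put in the request.
SAMPLE_REQUESTS = {
    "browser, form on the post page": {
        "Referer": "https://blog.example/2012/04/hello-world/",
        "User-Agent": "Mozilla/5.0",
    },
    "browser, Referer stripped by privacy setting": {
        "User-Agent": "Mozilla/5.0",
    },
    "script, no Referer": {
        "User-Agent": "python-urllib",
    },
    "script, Referer set by the client": {
        "Referer": "https://blog.example/2012/04/hello-world/",
        "User-Agent": "python-urllib",
    },
    "form hosted on another site": {
        "Referer": "https://other.example/form.html",
        "User-Agent": "Mozilla/5.0",
    },
}


def evaluate(requests=SAMPLE_REQUESTS):
    """Return {label: accepted?} for each sample request."""
    return {label: referer_check_passes(h) for label, h in requests.items()}


if __name__ == "__main__":
    for label, accepted in evaluate().items():
        print(f"{'accept' if accepted else 'reject':6}  {label}")
```

The result depends only on the header value, so the scripted request that carries the header is indistinguishable from the browser one, while a browser that omits the header is rejected.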