1 issue left for the package maintainer to handle:
CVE-2018-21269:
(needs triaging)
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.
Among the 6 debian patches
available in version 0.49-1 of the package,
we noticed the following issues:
4 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.