Backported Security Patch Detection www
This entry from Security Metrics correctly assesses that ClearOS contains backported patches. However, they are not able to determine the extent or those patches. If you have this entry, you will likely have other entries which indicates a past version vulnerability.
The fact that Security Metrics is unable to assess the patch level of your server creates a lot of busy work which requires you to defend against issues that will not be present.
This assessment does not indicate a risk but rather indicates an absence of risk.
While detection of backported packages was achieved the analysis, it was not able to ameliorate claims of faults. Backported patches are implemented by design to improve stability while patching. This is not a risk.