Comment 1 for bug 1532198

Just for completeness sake, a CVE was assigned to ZFS on Linux, CVE-2015-3400.
This is based on an issue that was exclusive to Debian.

See http://www.openwall.com/lists/oss-security/2015/04/22/4 for the assignment and https://github.com/zfsonlinux/zfs/issues/3319 for the details.

In short, ZoL's Debian then-maintainer (who is not Debian's current ZoL maintainer, if I am not mistaken) built the "official" ZoL Debian packages with additional patches.
Those patches were subject to above's CVE, the issue has since been fixed and affected Debian exclusively.