CVE-2010-1277 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1277): SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
We already have 1.8.2 in tree, could you remove older, vulnerable ebuilds?
Vulnerable ebuilds removed. Closing noglsa as no vulnerable versions were marked stable.
CVE-2010-5049 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5049): SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.