According to the Gentoo bug (https://bugs.gentoo.org/show_bug.cgi?id=605342#c4) 1.9.4 is affected.
On Thursday, January 12, 2017 at 1:38:34 PM UTC-7, [email protected] wrote: > > Thanks James and Ansible team. > > I presume that this affects Ansible 2.0 and 1.9, but the CVE text is a > little ambiguous: (Affected versions: < 2.1.4, < 2.2.1). > Can you or someone from Ansible confirm? If 1.9 is affected, will the fix > will be back-ported? > > Thank you, > Robb > > On Wednesday, January 11, 2017 at 3:36:22 PM UTC-7, James Cammarata wrote: >> >> Hi all, >> >> We've just released the following release candidates to address a few >> more corner cases found after the release of the previous RCs for >> CVE-2016-9587: >> >> 2.1.4 RC2 >> 2.2.1 RC4 >> >> Thanks again to Computest for double-checking our fixes and pointing out >> a couple of places we had missed. >> >> We are still looking to get the final releases out by the end of the >> week, so please be sure to test these RC's for any breaks in your playbooks. >> >> Thanks! >> >> James Cammarata >> >> Ansible Lead/Sr. Principal Software Engineer >> Ansible by Red Hat >> twitter: @thejimic, github: jimi-c >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8b9b52e2-b678-42ad-b6fa-30d67cb36180%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
