According to the Gentoo bug (https://bugs.gentoo.org/show_bug.cgi?id=605342#c4) 1.9.4 is affected.
On Thursday, January 12, 2017 at 1:38:34 PM UTC-7, ro...@pandastrike.com wrote: > > Thanks James and Ansible team. > > I presume that this affects Ansible 2.0 and 1.9, but the CVE text is a > little ambiguous: (Affected versions: < 2.1.4, < 2.2.1). > Can you or someone from Ansible confirm? If 1.9 is affected, will the fix > will be back-ported? > > Thank you, > Robb > > On Wednesday, January 11, 2017 at 3:36:22 PM UTC-7, James Cammarata wrote: >> >> Hi all, >> >> We've just released the following release candidates to address a few >> more corner cases found after the release of the previous RCs for >> CVE-2016-9587: >> >> 2.1.4 RC2 >> 2.2.1 RC4 >> >> Thanks again to Computest for double-checking our fixes and pointing out >> a couple of places we had missed. >> >> We are still looking to get the final releases out by the end of the >> week, so please be sure to test these RC's for any breaks in your playbooks. >> >> Thanks! >> >> James Cammarata >> >> Ansible Lead/Sr. Principal Software Engineer >> Ansible by Red Hat >> twitter: @thejimic, github: jimi-c >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8b9b52e2-b678-42ad-b6fa-30d67cb36180%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
