Ebuild for 1.6.1 works for 1.6.6 (tested on amd64).
1.6.6 "And the Cradle Will Rock" - Jul 01, 2014
Security updates to further protect against the incorrect execution of untrusted data
1.6.5 "And the Cradle Will Rock" - Jun 25, 2014
Additional tweaks to prevent the incorrect execution of untrusted data
1.6.4 "And the Cradle Will Rock" - Jun 25, 2014
Security update to prevent local operations from executing as the result of specifically crafted untrusted data
1.6.3 "And the Cradle Will Rock" - Jun 09, 2014
Corrects a regression where handlers were run across all hosts, not just those that triggered the handler.
Fixed a bug in which modules did not support properly moving a file atomically when su was in use.
Fixed two bugs related to symlinks with directories when using the file module.
Fixed a bug related to MySQL master replication syntax.
Corrects a regression in the order of variable merging done by the internal runner code.
Various other minor bug fixes.
1.6.2 "And the Cradle Will Rock" - May 23, 2014
If an improper locale is specified, core modules will now automatically revert to using the 'C' locale.
Modules using the fetch_url utility will now obey proxy environment variables.
The SSL validation step in fetch_url will likewise obey proxy settings, however only proxies using the http protocol are supported.
Fixed multiple bugs in docker module related to version changes upstream.
Fixed a bug in the ec2_group module where egress rules were lost when a VPC was specified.
Fixed two bugs in the synchronize module:
a trailing slash might be lost when calculating relative paths, resulting in an incorrect destination.
the sync might use the inventory directory incorrectly instead of the playbook or role directory.
Files will now only be chown'd on an atomic move if the src/dest uid/gid do not match.
This is a security bug.
Version 1.6.6 is also vulnerable:
It seems the issues are fixed in >1.6.6. Could someone please confirm this?
My understanding is that these issues are fixed in 1.6.6 and in higher versions. The issue tracked in bug 517770 is a separate issue, but require a higher version to fix, marking this bug as depends on the other one and we can continue there.
+*ansible-1.6.8 (23 Jul 2014)
+ 23 Jul 2014; Justin Lecher <firstname.lastname@example.org> -ansible-1.6.7.ebuild,
+ Version BUmp
Added to existing GLSA request
This issue was resolved and addressed in
GLSA 201411-09 at http://security.gentoo.org/glsa/glsa-201411-09.xml
by GLSA coordinator Sean Amoss (ackle).