FreeBSD Project Information for VU#252743
GNU Bash shell executes commands in exported functions in environment variables
Currently we have already patched CVE-2014-6271 and CVE-2014-7169 in the FreeBSD ports tree, making it no longer vulnerable to these two issues. We will patch the new issues once the fix is validated.
The FreeBSD base system do not use bash at all and is therefore not affected.
We are not aware of further vendor information regarding this vulnerability.
FreeBSD has disabled function importing by default in the Bash port.
If you have feedback, comments, or additional information about this vulnerability, please send us email.