https://lists.debian.org/debian-securit ... 00220.html
Please apt-get update and dist-upgrade (or --upgrade-only) bash by the end of the week.
Debian and other GNU/Linux vendors plan to disclose a critical,
remotely exploitable security vulnerability in bash this week, related
to the processing of environment variables. Stephane Chazelas
discovered it, and CVE-2014-6271 has been assigned to it.