[CentOS] Bash package for CentOS5

Tue Sep 30 16:38:05 UTC 2014
Jonathan Billings <billings at negate.org>

On Tue, Sep 30, 2014 at 07:15:20AM -0500, Johnny Hughes wrote:
> There may be another update released for this soon:
> https://access.redhat.com/security/cve/CVE-2014-7187
> But at the time of this email, there is no update for that CVE.

Reading that web page, it says:

"Red Hat Product Security does not consider this bug to have any
security impact on the bash packages shipped in Red Hat Enterprise
Linux. A fix for this issue was applied as a hardening in
RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312."

So... is it fixed or not?  Testing with the code on
https://shellshocker.net/ for CVE-2014-7187 doesn't indicate that the
latest bash update is vulnerable. 

I'm curious because you're not the first person I've heard say that
there are still bash updates in the works from RH/CentOS, when all my
research into the published bash CVEs, RHSAs and Bugzilla reports [1]
leads me to think there aren't any new RHSAs forthcoming.  

Am I missing something?

1. https://bugzilla.redhat.com/show_bug.cgi?id=1146804

Jonathan Billings <billings at negate.org>