SpamTitan, September 26th 2014: 

After reviewing the risk to SpamTitan from the recent Bash shell vulnerability "Shellshock" (CVE-2014-6271 and CVE-2014-7169) and having reviewed all of the available information, we are happy that SpamTitan cannot be exploited by this bug. SpamTitan does ship with Bash, however SpamTitan does not use Bash in a way in which this vulnerability can be exploited (no apache cgi scripts, no access to the Bash shell amongst other things). 

SpamTitan remains committed to protecting its customers from exposure to any vulnerability and so, while SpamTitan is unaffected by ‘Shellshock’, for good security practices, we will be updating Bash in SpamTitan as soon as a stable and effective patch is available from the Bash maintainers.