CVE-2014-6271 not listed in bash package changelog
This may seem minor, but the CVE-2014-6271 is not listed in the changelog for the latest bash package for RHEL 6.x.
2014-09-25 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2
- CVE-2014-7169
Resolves: #1146322
2014-09-15 Ondrej Oprala <ooprala@redhat.com - 4.1.2-15.1
- Check for fishy environment
Resolves: #1141645
'Check for fishy environment' is the fix for CVE-2014-6271 (as confirmed by the Bugzilla #) but CVE-2014-6271 is not listed.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271
Can this be amended? It may help clear up some of the confusion around which packages fix the bash issues.