I have patched my system however CVE-2014-7169 claims that the fix for 6271 was incomplete. Sure enough if I run the command below:
env X='() { (a)=>\' sh -c "echo date"; cat echo
It appears that function parsing is still executing code as I do not get an error like I am supposed to. So if 6271 allowed an attacker to execute arbitrary commands at will, does this mean that after being patched you are still vulnerable per 7169 but not to the same extent? If so, does this mean an attacker can still exploit the bug but running arbitrary commands is no longer an option? How much more "secure" is this? Can someone provide an example?