BNR servers were patched on September 24, 2014 before the bug was widely disclosed. While the vulnerability was severe, no BNR sites, servers, or stored data were compromised. BNR server admins will monitor the situation as it develops while Bash is audited for any further vulnerability.
BNR Joomla Extensions Security Information: Shellshock Update
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on September 24, 2014. Most web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.