This is meant to provide a summary of CVEs and fixes for them revolving around the shellshock collection of bugs. These bugs were primarily related to how bash does parsing of environment variables. Correlation between CVEs and upstream patches/releases has been fairly messy so I'm going to just summarize everything here. This pretty much comes from this oss-sec thread.
Currently I use hannob's bashceck script to do testing for shellshock related vulns.