Thanks for your diligence.
Looks like an additional update patch may have been released by RedHat yesterday or last night.
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://rhn.redhat.com/errata/RHSA-2014-1306.html
Regards,
David McAnally