Security researcher Michal Zalewski reveals details of other two additional bugs he discovered in the Bourne Again Shell after the Bash Bug case. One of two bugs, coded as CVE-2014-6278, as the original vulnerability Bash Bug, could be exploited for remote arbitrary code execution, but it exists because of an incomplete fix for the original fix. Another bug, the other find, is less severe and requires a degree of finesse to leverage in an attack certainly more than the original bug.”]
Source: https://securityaffairs.co/wordpress/28909/hacking/bash-bug-incomplete-patches.html