Hello, DreamHost, it would be good to get more information on this, perhaps even on DHStatus. Considering the severity of the issue and the multiple patches which have been issued, none of which completely fix the problem, it would be good to know what's going on on your end and what, if anything, we should be doing on our end.
Should we rewrite our shebangs to use dash? Are there any patterns that are particularly vulnerable which we should look for and avoid in existing scripts? Are the Ubuntu servers more vulnerable than the ones still running Debian? Etc.