Note that a revised advisory has been posted now - the severity has been greatly downgraded. While we're still cautious that there could be some sneaky way to exploit this bug, all testing and analysis we've done so far indicates that none of our products are vulnerable to external attack through the bash vulnerability. Good news for everyone, I hope.
The tricky things is that after the first vulnerability went public, people have been finding more and more. It has turned into "whack-a-mole" for the bash team. I don't think the situation will change for Aruba - but if it does we'll let everyone know.