After seeing a lot of tweets about the Bash vulnerability I was tempted to follow the “write a blog post about it in order to learn about it” plan of action, but as I started reading up on the details of how OS X ships with the vulnerable 3.2 version of Bash I came across StackExchange user AlBlue‘s very in-depth answer that covered everything. So go read that answer and compile a new version of Bash and you’re all set.
One thing I will mention again from that answer is that upgrading only your Homebrew’s version of Bash is not enough since the vulnerable /bin/bash executable is still around and most scripts are pointing directly at that version #!/bin/bash not to mention every installed program that references a shell.