Yes, they use an ancient non-GPLv3 version of Bash. I don't understand why and tbh it's my primary complaint against Jolla.

So..? At this moment the only way I can think of to exploit this right now would be a suid binary that goes its way around bash "don't-run-me-suid" protection (e.g. set{e}uid then system). Which would be pretty nasty in itself since there's another 300 ways to attack those. So if you know one of those please report it.

Virtually the only situations where this bug can cause trouble is everywhere where a backlist/whitelist of environment variables is used to filter out such variables by name only. Because with this bug there are no "safe" env variable names.