CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299)
CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396)
Non-security issues fixed:
Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an
external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247)