diff --git a/UPDATING b/UPDATING index c427f18ea154..a8d7c88808fd 100644 --- a/UPDATING +++ b/UPDATING @@ -10,10 +10,11 @@ you update your ports collection, before attempting any port upgrades. AUTHOR: bdrewery@FreeBSD.org Bash supports a feature of exporting functions in the environment with - export -f. Running bash with exported functioned in the environment will - then import those functions into the environment. This resulted in - security issues CVE-2014-6271 and CVE-2014-7169, commonly known as - "shellshock". + export -f. Running bash with exported functions in the environment will + then import those functions into the environment of the script being ran. + This resulted in security issues CVE-2014-6271 and CVE-2014-7169, commonly + known as "shellshock". It also can result in poorly written scripts being + tricked into running arbitrary commands. To fully mitigate against this sort of attack we have applied a non-upstream patch to disable this functionality by default. You can execute bash
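Review bot: the added line "then import those functions into the environment of the script being ran." has a grammar error; it should read "of the script being run." While touching that sentence, consider also making the last added sentence more concrete, since "poorly written scripts being tricked into running arbitrary commands" does not say how: the preceding lines already establish that exported functions are imported into the script's environment, so a short clause such as "because an exported function can shadow a command the script expects to call" would tie the consequence to the mechanism the entry describes without adding new claims.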