First they have a list of products for which there is a patch - by the way good luck with that
Than there is list of products that are vulnerable but for which there is yet no product available 42 products
than there is a list of products that shouldn't be vulnerable except if one has activated himself (or the programmer) a bash shell or because it is integrated in the OS one has used (or tweaked)
Than there is a list of products that is "still Under investigation. 17 products
And Oracle Cloud ? well that is also very 'open'
"Oracle Cloud teams are currently implementing relevant patches when they become available and in accordance with applicable change management processes."
and this for a product that is used in some of the most important applications and so on