While Matthias' post will be important for some readers of this list I'm going to save some of you some unnecessary hassle.
You don't need to worry about patching this unless you have a web server running CGI scripts which do certain things. You don't even need it if you have CGI scripts enabled: you actually need to have at least one which actually runs. Or you need to have enabled the PHP ability to execute shell commands (off by default) and have a badly written PHP file which doesn't vet its parameters. An OS X Server which runs the pre-installed Apache and PHP with the default configuration isn't subject to this vulnerability.
You will also be reading about a situation where the shellshock vulnerability interacts with DHCP service to allow a DHCP server to run arbitrary shell commands on any computer using its DHCP service. Your Mac clients are immune to this one since they handle DHCP client IP configuration using a .plist rather than by running a bash shell script.
The above is not to say that all Macs are completely immune to shellshock. It's possible that you are a power-user with an unusual setup, or that something else like the DHCP-related vulnerability will be discovered. However, with what we know now, unless you have changed default configuration and installed your own scripts, you probably don't need to worry about a patch.