FYI, the guys at https://twitter.com/GovCERT_CH didn't want to join the SwiNOG ML, so I copied the URL to this e-mail :)

http://www.govcert.admin.ch/blog/4/critical-vulnerability-in-magento-many-swiss-sites-are-still-vulnerable

Cheers

Marco