Description  When an out of call message - delivered by either the SIP    
                 or PJSIP channel driver or the XMPP stack - is handled in    
                 Asterisk, a crash can occur if the channel servicing the     
                 message is sent into the ReceiveFax dialplan application     
                 while using the res_fax_spandsp module.                      
                                                                              
                 Note that this crash does not occur when using the           
                 res_fax_digium module.                                       
                                                                              
                 While this crash technically occurs due to a configuration   
                 issue, as attempting to receive a fax from a channel driver  
                 that only contains textual information will never succeed,   
                 the likelihood of having it occur is sufficiently high as    
                 to warrant this advisory.

Upstream patch: http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff
Additional info:
https://issues.asterisk.org/jira/browse/ASTERISK-24301
http://downloads.digium.com/pub/security/AST-2014-010.html