The Asterisk Development Team has released version 1.4.13.
This release fixes a couple of security issues in the implementation of IMAP storage for voicemail. One of the issues is remotely exploitable. Any systems that do not use IMAP storage for voicemail are not affected by these issues. For more details on this issue, see the Asterisk security advisory here:
This release also contains some other bug fixes that have been merged in the past week or so. The other fixes include resolutions for a few different deadlocks, a couple of problems in res_jabber, chan_sip and RTP fixes, and a few more minor issues. See the ChangeLog for a full listing of the changes:
Thank you very much for your support!