From 1de7092d6f0ec5758765f13cbac68c1a611bf8a1 Mon Sep 17 00:00:00 2001
From: Micah Snyder
Date: Mon, 13 Jan 2025 16:35:39 -0500
Subject: [PATCH] Set version to 1.4.2, FLEVEL to 212; Update NEWS.md
---
 CMakeLists.txt | 2 +-
 Jenkinsfile | 2 +-
 NEWS.md | 15 +++++++++++++++
 libclamav/bytecode_api.h | 1 +
 libclamav/others.h | 2 +-
 5 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 93f87b197..68f32aff6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -22,7 +22,7 @@ string(TIMESTAMP TODAY "%Y%m%d") set(VERSION_SUFFIX "") project( ClamAV
- VERSION "1.4.1"
+ VERSION "1.4.2"
 DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." ) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
diff --git a/Jenkinsfile b/Jenkinsfile
index f32e8ba5f..288c3337a 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -10,7 +10,7 @@ properties( parameters( [ string(name: 'VERSION',
- defaultValue: '1.4.1',
+ defaultValue: '1.4.2',
 description: 'ClamAV version string'), string(name: 'FRAMEWORK_BRANCH', defaultValue: '1.4',
diff --git a/NEWS.md b/NEWS.md
index 9092496e7..d9e0c5fe4 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -3,6 +3,21 @@ Note: This file refers to the official packages. Things described here may differ slightly from third-party binary packages.
+## 1.4.2
+
+ClamAV 1.4.2 is a patch release with the following fixes:
+
+- [CVE-2025-20128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128):
+ Fixed a possible buffer overflow read bug in the OLE2 file parser that could
+ cause a denial-of-service (DoS) condition.
+
+ This issue was introduced in version 1.0.0 and affects all currently
+ supported versions. It will be fixed in:
+ - 1.4.2
+ - 1.0.8
+
+ Thank you to OSS-Fuzz for identifying this issue.
+
 ## 1.4.1 ClamAV 1.4.1 is a critical patch release with the following fixes:
diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h
index fe254fa97..0dc3908ea 100644
--- a/libclamav/bytecode_api.h
+++ b/libclamav/bytecode_api.h
@@ -194,6 +194,7 @@ enum FunctionalityLevels { FUNC_LEVEL_1_4 = 210, /**< LibClamAV release 1.4.0 */ FUNC_LEVEL_1_4_1 = 211, /**< LibClamAV release 1.4.1 */
+ FUNC_LEVEL_1_4_2 = 212, /**< LibClamAV release 1.4.2 */
 }; /**
diff --git a/libclamav/others.h b/libclamav/others.h
index e967354b2..515cb864d 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -69,7 +69,7 @@ * in re-enabling affected modules. */
-#define CL_FLEVEL 211
+#define CL_FLEVEL 212
 #define CL_FLEVEL_DCONF CL_FLEVEL #define CL_FLEVEL_SIGTOOL CL_FLEVEL