[AUTO-CHERRYPICK] Upgrade clamav to 1.0.9 to address CVE-2025-20260 [CRITICAL] - branch main (#14111)

Co-authored-by: kgodara912 <[email protected]>
Co-authored-by: Kshitiz Godara <[email protected]>
Co-authored-by: jslobodzian <[email protected]>

Author: 4 people

SPECS/clamav/clamav.signatures.json

@@ -1,6 +1,6 @@
 {
-  "Signatures": {
-    "clamav-1.0.7-cargo.tar.gz": "3066cc6c80a01e6a65926c320af5d3d8b465a20e4975ec381e8e1b758598b532",
-    "clamav-1.0.7.tar.gz": "cf9908f68b07fda099fd382710863e99d064c7851c0a01bd9336ca8845d7644c"
-  }
-}
+ "Signatures": {
+  "clamav-1.0.9-cargo.tar.gz": "d9e596d93abedbe2cf5f79bbc3dd3539ea1d185620a91f387c1779fd22e75e0b",
+  "clamav-1.0.9.tar.gz": "c3ac983568e3df274833839a7aa45c1b2650b192f7d2a8524cddbb0111062d93"
+ }
+}

SPECS/clamav/clamav.spec

@@ -1,6 +1,6 @@
 Summary:        Open source antivirus engine
 Name:           clamav
-Version:        1.0.7
+Version:        1.0.9
 Release:        1%{?dist}
 License:        ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
 Vendor:         Microsoft Corporation
@@ -133,6 +133,9 @@ fi
 %dir %attr(-,clamav,clamav) %{_sharedstatedir}/clamav
 
 %changelog
+* Tue Jun 24 2025 Kshitiz Godara <[email protected]> - 1.0.9-1
+- Upgrade to version 1.0.9 to fix CVE-2025-20260
+
 * Tue Nov 19 2024 CBL-Mariner Servicing Account <[email protected]> - 1.0.7-1
 - Auto-upgrade to 1.0.7 - CVE-2024-20505, CVE-2024-20506
 

cgmanifest.json

@@ -1767,8 +1767,8 @@
         "type": "other",
         "other": {
           "name": "clamav",
-          "version": "1.0.7",
-          "downloadUrl": "https://github.com/Cisco-Talos/clamav/archive/refs/tags/clamav-1.0.7.tar.gz"
+          "version": "1.0.9",
+          "downloadUrl": "https://github.com/Cisco-Talos/clamav/archive/refs/tags/clamav-1.0.9.tar.gz"
         }
       }
     },