sqlite3 (3.37.2-2ubuntu0.5) jammy-security; urgency=medium
* SECURITY UPDATE: Memory corruption via number of aggregate terms
- debian/patches/CVE-2025-6965.patch: raise an error right away if the
number of aggregate terms in a query exceeds the maximum number of
columns in src/expr.c, src/sqliteInt.h.
- CVE-2025-6965
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 18 Jul 2025 11:17:24 -0400
sqlite3 (3.37.2-2ubuntu0.4) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via sqlite3_db_config arguments
- debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
interface against misuse in src/main.c, src/sqlite.h.in.
- CVE-2025-29088
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 29 Apr 2025 12:38:50 -0400
sqlite3 (3.37.2-2ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: azProhibitedFunctions protection mechanism issue when
using --safe
- debian/patches/50-Fix_safe_mode_authorizer_callback.patch: make sure
that safe mode rejects certain UDFs in src/shell.c.in,
test/shell2.test.
- CVE-2022-46908
* SECURITY UPDATE: heap overflow in sessionReadRecord
- debian/patches/CVE-2023-7104.patch: fix a buffer overread in the
sessions extension that could occur when processing a corrupt
changeset in ext/session/sqlite3session.c.
- CVE-2023-7104
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 02 Jan 2024 09:41:49 -0500
sqlite3 (3.37.2-2ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: array-bounds overflow via large string argument
- debian/patches/CVE-2022-35737.patch: increase the size of loop
variables in src/printf.c.
- CVE-2022-35737
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 04 Nov 2022 09:09:13 -0400
sqlite3 (3.37.2-2) unstable; urgency=medium
* Fix non-Linux installation.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 16 Jan 2022 11:59:39 +0100
sqlite3 (3.37.2-1) unstable; urgency=medium
* New upstream release.
* Don't try to build sqlite3-tools on kfreebsd-any.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 06 Jan 2022 19:16:04 +0100
sqlite3 (3.37.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 02 Jan 2022 13:15:04 +0100
sqlite3 (3.37.0-2) experimental; urgency=medium
* Fix Breaks + Replaces for sqlite3-tools (closes: #1002551).
* Declare conflicts with emboss on sqlite3-tools (closes: #1002549).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 24 Dec 2021 12:20:47 +0100
sqlite3 (3.37.0-1) experimental; urgency=medium
* New upstream release.
* Update symbols file.
* Distinct license of the patches (closes: #858756).
* Package sqlite3 tools separately.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 12 Dec 2021 23:34:48 +0100
sqlite3 (3.36.0-2) unstable; urgency=high
* Upload to unstable.
* Backport upstream security fix for CVE-2021-36690: segmentation fault
vulnerability with the Expert extension when a column has no collating
sequence.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 25 Aug 2021 13:04:34 +0200
# For older changelog entries, run 'apt-get changelog libsqlite3-0'
Generated by dwww version 1.14 on Fri Aug 15 05:07:59 CEST 2025.