sqlite3 (3.45.1-1ubuntu2.5) noble-security; urgency=medium
* SECURITY UPDATE: integer overflow in FTS5 extension
- debian/patches/CVE-2025-7709.patch: optimize allocation of large
tombstone arrays in fts5 in ext/fts5/fts5_index.c.
- CVE-2025-7709
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Sep 2025 14:06:42 -0400
sqlite3 (3.45.1-1ubuntu2.4) noble-security; urgency=medium
* SECURITY UPDATE: Memory corruption via number of aggregate terms
- debian/patches/CVE-2025-6965.patch: raise an error right away if the
number of aggregate terms in a query exceeds the maximum number of
columns in src/expr.c, src/sqliteInt.h.
- CVE-2025-6965
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 18 Jul 2025 10:56:16 -0400
sqlite3 (3.45.1-1ubuntu2.3) noble-security; urgency=medium
* SECURITY UPDATE: integer overflow through the concat function
- debian/patches/CVE-2025-29087_3277.patch: add a typecast to avoid
32-bit integer overflow in src/func.c.
- CVE-2025-29087
- CVE-2025-3277
* SECURITY UPDATE: DoS via sqlite3_db_config arguments
- debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
interface against misuse in src/main.c, src/sqlite.h.in.
- CVE-2025-29088
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 29 Apr 2025 12:34:06 -0400
sqlite3 (3.45.1-1ubuntu2.1) noble; urgency=medium
* SRU: LP: #2083480: No-change rebuild to disable frame pointers on
ppc64el and s390x.
-- Matthias Klose <doko@ubuntu.com> Wed, 02 Oct 2024 14:40:50 +0200
sqlite3 (3.45.1-1ubuntu2) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 08:24:45 +0000
sqlite3 (3.45.1-1ubuntu1) noble; urgency=medium
* No-change rebuild against libreadline8t64
-- Zixing Liu <zixing.liu@canonical.com> Fri, 08 Mar 2024 17:06:49 -0700
sqlite3 (3.45.1-1) unstable; urgency=medium
* New upstream release.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 02 Feb 2024 17:56:21 +0100
sqlite3 (3.45.0-1) unstable; urgency=medium
* New upstream release.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 20 Jan 2024 18:57:21 +0100
sqlite3 (3.44.2-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 25 Nov 2023 18:47:34 +0100
sqlite3 (3.44.0-1) unstable; urgency=medium
* New upstream release.
* Re-enable lookaside allocator (closes: #1051495).
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 04 Nov 2023 10:08:53 +0100
sqlite3 (3.43.2-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 10 Oct 2023 18:26:22 +0200
sqlite3 (3.43.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Tue, 12 Sep 2023 07:07:43 +0000
sqlite3 (3.43.0-1) unstable; urgency=medium
* New upstream release.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 04 Sep 2023 06:08:25 +0000
sqlite3 (3.42.0-1) unstable; urgency=medium
* New upstream release.
* Remove sqlite3ExprIsTableConstraint@Base and
sqlite3SelectAddColumnTypeAndCollation@Base symbols as no longer part
of the library.
* Update symbols file.
[ Samuel Thibault <sthibault@debian.org> ]
Add hurd-amd64 support (closes: #1035646).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 24 Jun 2023 16:16:47 +0200
sqlite3 (3.40.1-2) unstable; urgency=medium
[ Cyril Brulebois <cyril@debamax.com> ]
* Add Breaks against crowdsec as found in bullseye, as it relies on a
particular table_info format, which changes between 3.36.0 and 3.37.0
(closes: #1033029).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 16 Mar 2023 19:54:28 +0100
sqlite3 (3.40.1-1) unstable; urgency=medium
* New upstream release.
* Update symbols file.
* Update Standards-Version to 4.6.2 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 31 Dec 2022 09:41:40 +0100
sqlite3 (3.40.0-2) unstable; urgency=high
* Backport upstream security fix for CVE-2022-46908: when relying on --safe
for execution of an untrusted CLI script, does not properly implement the
azProhibitedFunctions protection mechanism (closes: #1026293).
[ Helge Deller <deller@gmx.de> ]
* Enable large file support (closes: #1026171).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 18 Dec 2022 10:03:56 +0100
sqlite3 (3.40.0-1) unstable; urgency=medium
* New upstream release.
* Remove sqlite3StdTypeMap@Base symbol as no longer part of the library.
* Update symbols file.
* Update patches to apply clean.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 16 Nov 2022 18:21:56 +0100
sqlite3 (3.39.4-1) unstable; urgency=high
* New upstream release:
- fix a possible integer overflow in the size computation for a memory
allocation in FTS3.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 02 Oct 2022 18:17:34 +0200
sqlite3 (3.39.3-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 05 Sep 2022 17:38:52 +0200
sqlite3 (3.39.2-1) unstable; urgency=high
* New upstream release:
- apply fixes for CVE-2022-35737.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 22 Jul 2022 12:10:48 +0000
sqlite3 (3.39.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 14 Jul 2022 17:51:49 +0200
sqlite3 (3.39.0-3) unstable; urgency=medium
[ Helmut Grohne <helmut@subdivi.de> ]
* libsqlite3-dev: Generalize libc6-dev dependency to libc-dev
(closes: #1014893).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 14 Jul 2022 06:23:16 +0200
sqlite3 (3.39.0-2) unstable; urgency=medium
* Compile with -DSQLITE_ALLOW_ROWID_IN_VIEW to re-enable rowid for views
(closes: #1014495).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 07 Jul 2022 00:04:47 +0200
sqlite3 (3.39.0-1) unstable; urgency=medium
* New upstream release.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 29 Jun 2022 23:27:17 +0200
sqlite3 (3.38.5-1) unstable; urgency=high
* New upstream release:
- fix a byte-code problem in the Bloom filter pull-down optimization that
enters an infinite loop.
[ Helmut Grohne <helmut@subdivi.de> ]
* Link sqlite3 dynamically with its library (closes: #1010516).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 07 May 2022 13:18:57 +0200
sqlite3 (3.38.3-1) unstable; urgency=medium
* New upstream release.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 30 Apr 2022 07:13:56 +0200
sqlite3 (3.38.2-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 28 Mar 2022 17:35:33 +0200
sqlite3 (3.38.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 13 Mar 2022 19:02:54 +0100
sqlite3 (3.38.0-1) unstable; urgency=medium
* New upstream release.
* Remove sqlite3ParserReset@Base symbol as no longer part of the library.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 27 Feb 2022 19:52:50 +0100
sqlite3 (3.37.2-2) unstable; urgency=medium
* Fix non-Linux installation.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 16 Jan 2022 11:59:39 +0100
sqlite3 (3.37.2-1) unstable; urgency=medium
* New upstream release.
* Don't try to build sqlite3-tools on kfreebsd-any.
* Update symbols file.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 06 Jan 2022 19:16:04 +0100
sqlite3 (3.37.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 02 Jan 2022 13:15:04 +0100
sqlite3 (3.37.0-2) experimental; urgency=medium
* Fix Breaks + Replaces for sqlite3-tools (closes: #1002551).
* Declare conflicts with emboss on sqlite3-tools (closes: #1002549).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 24 Dec 2021 12:20:47 +0100
sqlite3 (3.37.0-1) experimental; urgency=medium
* New upstream release.
* Update symbols file.
* Distinct license of the patches (closes: #858756).
* Package sqlite3 tools separately.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 12 Dec 2021 23:34:48 +0100
sqlite3 (3.36.0-2) unstable; urgency=high
* Upload to unstable.
* Backport upstream security fix for CVE-2021-36690: segmentation fault
vulnerability with the Expert extension when a column has no collating
sequence.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 25 Aug 2021 13:04:34 +0200
sqlite3 (3.36.0-1) experimental; urgency=medium
* New upstream release.
* Remove sqlite3_fts3_may_be_corrupt@Base and
sqlite3_fts5_may_be_corrupt@Base symbols as no longer part of the library.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 21 Jun 2021 19:45:18 +0200
sqlite3 (3.35.5-1) experimental; urgency=medium
* New upstream release.
* Remove backported patches.
* Remove sqlite3_unsupported_selecttrace@Base symbol as no longer part of
the library.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 23 May 2021 08:06:14 +0200
sqlite3 (3.34.1-3) unstable; urgency=medium
* Backport upstream fix for an issue with the LIKE operator when it
includes the "ESCAPE '_'" clause.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 24 Feb 2021 18:19:48 +0100
sqlite3 (3.34.1-2) unstable; urgency=medium
* Backport upstream fix for incorrect optimization of IN operator.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 13 Feb 2021 16:22:26 +0100
sqlite3 (3.34.1-1) unstable; urgency=medium
* New upstream release.
* Add upstream metadata.
* Update watch file.
* Update packaging bits.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 20 Jan 2021 18:40:44 +0100
sqlite3 (3.34.0-1) unstable; urgency=medium
* New upstream release.
* Update patches to apply clean.
* Update libsqlite3-0 symbols.
* Update debhelper level to 13 .
* Update Standards-Version to 4.5.1 .
[ Pino Toscano <pino@debian.org> ]
* Don't ship .la files (closes: #968488).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 04 Dec 2020 22:11:24 +0100
sqlite3 (3.33.0-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 15 Aug 2020 16:40:06 +0200
sqlite3 (3.32.3-1) unstable; urgency=medium
* New upstream release:
- better fix for CVE-2020-13871: use-after-free in resetAccumulator() in
select.c because the parse tree rewrite for window functions is too
late.
* Remove sqlite3SelectTrace@Base symbol as no longer part of the library.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 20 Jun 2020 17:04:00 +0200
sqlite3 (3.32.2-2) unstable; urgency=high
* Backport upstream security fix for CVE-2020-13871: use-after-free in
resetAccumulator() in select.c because the parse tree rewrite for window
functions is too late.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 06 Jun 2020 20:00:23 +0200
sqlite3 (3.32.2-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 06 Jun 2020 08:57:49 +0200
sqlite3 (3.32.1-2) unstable; urgency=medium
* Set LC_ALL to C.UTF-8 for lynx to generate changelog (closes: #961940).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 01 Jun 2020 07:23:26 +0200
sqlite3 (3.32.1-1) unstable; urgency=high
* New upstream release, including two security fixes.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 25 May 2020 19:07:13 +0200
sqlite3 (3.32.0-2) unstable; urgency=medium
* Generate upstream changelog without links (closes: #961450).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 25 May 2020 06:56:10 +0200
sqlite3 (3.32.0-1) unstable; urgency=medium
* New upstream release, fixes CVE-2020-11656.
* Remove backported patches.
* Generate plain text upstream changelog (closes: #959983).
* Update libsqlite3-0 symbols.
[ Vagrant Cascadian <vagrant@reproducible-builds.org> ]
* Pass SHELL=/bin/sh to configure, to ensure reproducible builds regardless
of the setting of the SHELL environment variable (closes: #949341).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 24 May 2020 11:47:32 +0200
sqlite3 (3.31.1-5) unstable; urgency=high
* Backport upstream security fix for CVE-2020-11655: denial of service
(segmentation fault) via a malformed window-function query.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Mon, 13 Apr 2020 10:21:16 +0000
sqlite3 (3.31.1-4) unstable; urgency=medium
* Backport upstream fix for problems in the constant propagation
optimization.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 05 Mar 2020 19:05:04 +0000
sqlite3 (3.31.1-3) unstable; urgency=high
* Backport upstream security fixes for CVE-2020-9327: segmentation fault in
isAuxiliaryVtabOperator() (closes: #951835).
[ Kari Pahula <kaol@debian.org> ]
* Provide sqldiff.1 manpage (closes: #861670).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 22 Feb 2020 10:43:26 +0000
sqlite3 (3.31.1-2) unstable; urgency=medium
* Backport upstream fixes for big-endian architectures (closes: #950974):
- compatibility with the s390 architecture,
- adapt FTS test cases to work on big-endian platforms,
- fix a problem in sqlite3CodecQueryParameters(),
- fix a 4 byte OOB read in test_multiplex.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 09 Feb 2020 06:23:33 +0000
sqlite3 (3.31.1-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 30 Jan 2020 23:34:30 +0000
sqlite3 (3.31.0+really3.30.1+fossil191229-1) unstable; urgency=medium
* Revert to 3.30.1+fossil191229-1 until Firefox bug #1607902 is fixed
(closes: #949644).
* Remove 3.31.0 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 23 Jan 2020 18:49:05 +0000
sqlite3 (3.31.0-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
* Update Standards-Version to 4.5.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Wed, 22 Jan 2020 20:04:13 +0000
sqlite3 (3.30.1+fossil191229-1) unstable; urgency=high
* New Fossil snapshot release, fixing the following security issues:
- CVE-2019-19242: mishandling pExpr->y.pTab in the TK_COLUMN case,
- CVE-2019-19244: allows a crash if a sub-select uses both DISTINCT and
window functions (closes: #946656),
- CVE-2019-19603: mishandling certain SELECT statements with a
nonexistent VIEW,
- CVE-2019-19645: infinite recursion via certain types of
self-referential views,
- CVE-2019-19880: invalid pointer dereference because constant integer
values in ORDER BY clauses,
- CVE-2019-19923: mishandling certain uses of SELECT DISTINCT cause a
NULL pointer dereference,
- CVE-2019-19924: mishandling certain parser-tree rewriting,
- CVE-2019-19925: zipfileUpdate() mishandles a NULL pathname during an
update of a ZIP archive.
* Fix Django FTBFS (closes: #943509).
* Update 30-cross.patch to this release.
* Update libsqlite3-0 symbols.
* Update Standards-Version to 4.4.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 29 Dec 2019 18:49:54 +0000
sqlite3 (3.30.1-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 12 Oct 2019 20:49:33 +0000
sqlite3 (3.30.0-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
[ Yuriy M. Kaminskiy <yumkam+debian@gmail.com> ]
* Fix FTCBFS: configure fails to find readline.h (closes: #925906).
* Fix potential FTCBFS: wrong compiler used for csv.so (closes: #925880).
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 05 Oct 2019 18:22:43 +0000
sqlite3 (3.29.0-2) unstable; urgency=medium
* Backport upstream fix for division by zero in the query planner.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 15 Aug 2019 17:39:23 +0000
sqlite3 (3.29.0-1) unstable; urgency=medium
* New upstream release.
* Remove backported patches.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 11 Jul 2019 17:16:18 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libsqlite3-0`.
Generated by dwww version 1.16 on Mon Dec 15 21:02:32 CET 2025.