Version in base suite: 3.46.1-7 Base version: sqlite3_3.46.1-7 Target version: sqlite3_3.46.1-7+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/sqlite3/sqlite3_3.46.1-7.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/sqlite3/sqlite3_3.46.1-7+deb13u1.dsc changelog | 9 +++++++++ control | 2 +- patches/53-CVE-2025-7709.patch | 24 ++++++++++++++++++++++++ patches/series | 1 + 4 files changed, 35 insertions(+), 1 deletion(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp4o_tcsnx/sqlite3_3.46.1-7.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp4o_tcsnx/sqlite3_3.46.1-7+deb13u1.dsc: no acceptable signature found
diff -Nru sqlite3-3.46.1/debian/changelog sqlite3-3.46.1/debian/changelog
--- sqlite3-3.46.1/debian/changelog 2025-07-25 19:04:34.000000000 +0000
+++ sqlite3-3.46.1/debian/changelog 2026-01-22 18:19:00.000000000 +0000
@@ -1,3 +1,12 @@
+sqlite3 (3.46.1-7+deb13u1) trixie; urgency=medium
+
+ * Backport upstream security fix for CVE-2025-7709: integer overflow in the
+ FTS5 extension (closes: #1114609).
+ * Add pkgconf build dependency to fix link problem with ICU extension
+ (closes: #1099724).
+
+ -- Laszlo Boszormenyi (GCS) Thu, 22 Jan 2026 19:19:00 +0100
+
 sqlite3 (3.46.1-7) unstable; urgency=high

 * Backport upstream security fix for CVE-2025-6965: the number of aggregate
diff -Nru sqlite3-3.46.1/debian/control sqlite3-3.46.1/debian/control
--- sqlite3-3.46.1/debian/control 2025-04-09 14:39:52.000000000 +0000
+++ sqlite3-3.46.1/debian/control 2026-01-22 18:19:00.000000000 +0000
@@ -2,7 +2,7 @@
 Section: devel
 Priority: optional
 Maintainer: Laszlo Boszormenyi (GCS)
-Build-Depends: debhelper-compat (= 13), autoconf (>= 2.59), libtool (>= 1.5.2), automake, chrpath, lynx, libreadline-dev, tcl8.6-dev, libicu-dev
+Build-Depends: debhelper-compat (= 13), autoconf (>= 2.59), libtool (>= 1.5.2), automake, pkgconf, chrpath, lynx, libreadline-dev, tcl8.6-dev, libicu-dev
 Build-Conflicts: tcl8.4, tcl8.4-dev, tcl8.5, tcl8.5-dev
 Standards-Version: 4.7.0
 Rules-Requires-Root: no
diff -Nru sqlite3-3.46.1/debian/patches/53-CVE-2025-7709.patch sqlite3-3.46.1/debian/patches/53-CVE-2025-7709.patch
--- sqlite3-3.46.1/debian/patches/53-CVE-2025-7709.patch 1970-01-01 00:00:00.000000000 +0000
+++ sqlite3-3.46.1/debian/patches/53-CVE-2025-7709.patch 2026-01-22 18:19:00.000000000 +0000
@@ -0,0 +1,24 @@
+Description: fix CVE-2025-7709
+ An integer overflow exists in the FTS5 extension. This change fixes this.
+Author: Laszlo Boszormenyi (GCS)
+Bug-Debian: https://bugs.debian.org/1114609
+Origin: upstream, https://sqlite.org/src/info/63595b74956a9391
+Forwarded: not-needed
+Last-Update: 2025-09-07
+
+---
+
+--- a/ext/fts5/fts5_index.c
++++ b/ext/fts5/fts5_index.c
+@@ -1933,9 +1933,9 @@ static void fts5SegIterSetNext(Fts5Index
+ ** leave an error in the Fts5Index object.
+ */
+ static void fts5SegIterAllocTombstone(Fts5Index *p, Fts5SegIter *pIter){
+- const int nTomb = pIter->pSeg->nPgTombstone;
++ const i64 nTomb = (i64)pIter->pSeg->nPgTombstone;
+ if( nTomb>0 ){
+- int nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
++ i64 nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
+ Fts5TombstoneArray *pNew;
+ pNew = (Fts5TombstoneArray*)sqlite3Fts5MallocZero(&p->rc, nByte);
+ if( pNew ){
diff -Nru sqlite3-3.46.1/debian/patches/series sqlite3-3.46.1/debian/patches/series
--- sqlite3-3.46.1/debian/patches/series 2025-07-25 19:04:34.000000000 +0000
+++ sqlite3-3.46.1/debian/patches/series 2026-01-22 18:19:00.000000000 +0000
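Review bot: In the fts5_index.c change carried by 53-CVE-2025-7709.patch, the widened `nByte` in fts5SegIterAllocTombstone is only safe if it reaches the allocator as 64 bits, and the prototype of `sqlite3Fts5MallocZero` is not visible in the hunk; for a backport it is worth confirming in the 3.46.1 tree that its size parameter is 64-bit, since a narrower one would truncate the value again at the call. The hunk also shows no upper bound on `nTomb`, so the new code appears to rely on the allocator refusing an oversized request and reporting it through `p->rc`. A comment above the declaration would keep a later cleanup from narrowing the type back, for example `/* 64-bit on purpose: int arithmetic on nPgTombstone overflowed here (CVE-2025-7709) */`. The function body continues past the end of the hunk, so how `nTomb` is used after the allocation cannot be checked from this page.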
@@ -11,3 +11,4 @@
 50-CVE-2025-29087.patch
 51-CVE-2025-29088.patch
 52-CVE-2025-6965.patch
+53-CVE-2025-7709.patch