microsoft · CBL-Mariner-Bot · Apr 17, 2026 · Apr 17, 2026
@@ -0,0 +1,28 @@
+From 2190461436936c805ee345e7c67e2aec3b8e8ad2 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Fri, 17 Apr 2026 12:05:16 +0000
+Subject: [PATCH] zipfile: return only bytes produce by inflate; build flag for
+ zlib in testfixture if available
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://github.com/sqlite/sqlite/commit/5a05c59d4d75c03f23d5fb70feac9f789954bf8a.patch
+---
+ shell.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shell.c b/shell.c
+index e357f9e..e3fcb83 100644
+--- a/shell.c
++++ b/shell.c
+@@ -9543,7 +9543,7 @@ static void zipfileInflate(
+       if( err!=Z_STREAM_END ){
+         zipfileCtxErrorMsg(pCtx, "inflate() failed (%d)", err);
+       }else{
+-        sqlite3_result_blob(pCtx, aRes, nOut, zipfileFree);
++        sqlite3_result_blob(pCtx, aRes, (int)str.total_out, zipfileFree);
+         aRes = 0;
+       }
+     }
+-- 
+2.45.4
+
@@ -2,7 +2,7 @@
 Summary:        A portable, high level programming interface to various calling conventions
 Name:           sqlite
 Version:        3.44.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        Public Domain
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,6 +12,7 @@ Source0:        https://www.sqlite.org/2023/%{name}-autoconf-%{sourcever}.tar.gz
 # CVE-2015-3717 applies to versions shipped in iOS and OS X
 Patch0:         CVE-2015-3717.nopatch
 Patch1:         CVE-2025-6965.patch
+Patch2:         CVE-2025-70873.patch
 Requires:       sqlite-libs = %{version}-%{release}
 Provides:       sqlite3
 
@@ -82,6 +83,9 @@ make %{?_smp_mflags} check
 %{_libdir}/libsqlite3.so.0.8.6
 
 %changelog
+* Fri Apr 17 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.44.0-3
+- Patch for CVE-2025-70873
+
 * Thu Jul 24 2025 Madhur Aggarwal <madaggarwal@microsoft.com> - 3.44.0-2
 - Patch CVE-2025-6965
 - remove unused patch file from SPEC folder.

@@ -88,9 +88,9 @@ bison-3.8.2-1.azl3.aarch64.rpm
 popt-1.19-1.azl3.aarch64.rpm
 popt-devel-1.19-1.azl3.aarch64.rpm
 popt-lang-1.19-1.azl3.aarch64.rpm
-sqlite-3.44.0-2.azl3.aarch64.rpm
-sqlite-devel-3.44.0-2.azl3.aarch64.rpm
-sqlite-libs-3.44.0-2.azl3.aarch64.rpm
+sqlite-3.44.0-3.azl3.aarch64.rpm
+sqlite-devel-3.44.0-3.azl3.aarch64.rpm
+sqlite-libs-3.44.0-3.azl3.aarch64.rpm
 elfutils-0.189-6.azl3.aarch64.rpm
 elfutils-default-yama-scope-0.189-6.azl3.noarch.rpm
 elfutils-devel-0.189-6.azl3.aarch64.rpm

@@ -88,9 +88,9 @@ bison-3.8.2-1.azl3.x86_64.rpm
 popt-1.19-1.azl3.x86_64.rpm
 popt-devel-1.19-1.azl3.x86_64.rpm
 popt-lang-1.19-1.azl3.x86_64.rpm
-sqlite-3.44.0-2.azl3.x86_64.rpm
-sqlite-devel-3.44.0-2.azl3.x86_64.rpm
-sqlite-libs-3.44.0-2.azl3.x86_64.rpm
+sqlite-3.44.0-3.azl3.x86_64.rpm
+sqlite-devel-3.44.0-3.azl3.x86_64.rpm
+sqlite-libs-3.44.0-3.azl3.x86_64.rpm
 elfutils-0.189-6.azl3.x86_64.rpm
 elfutils-default-yama-scope-0.189-6.azl3.noarch.rpm
 elfutils-devel-0.189-6.azl3.x86_64.rpm

@@ -574,10 +574,10 @@ sed-lang-4.9-1.azl3.aarch64.rpm
 slang-2.3.3-1.azl3.aarch64.rpm
 slang-debuginfo-2.3.3-1.azl3.aarch64.rpm
 slang-devel-2.3.3-1.azl3.aarch64.rpm
-sqlite-3.44.0-2.azl3.aarch64.rpm
-sqlite-debuginfo-3.44.0-2.azl3.aarch64.rpm
-sqlite-devel-3.44.0-2.azl3.aarch64.rpm
-sqlite-libs-3.44.0-2.azl3.aarch64.rpm
+sqlite-3.44.0-3.azl3.aarch64.rpm
+sqlite-debuginfo-3.44.0-3.azl3.aarch64.rpm
+sqlite-devel-3.44.0-3.azl3.aarch64.rpm
+sqlite-libs-3.44.0-3.azl3.aarch64.rpm
 swig-4.2.1-1.azl3.aarch64.rpm
 swig-debuginfo-4.2.1-1.azl3.aarch64.rpm
 systemd-bootstrap-250.3-19.azl3.aarch64.rpm

@@ -582,10 +582,10 @@ sed-lang-4.9-1.azl3.x86_64.rpm
 slang-2.3.3-1.azl3.x86_64.rpm
 slang-debuginfo-2.3.3-1.azl3.x86_64.rpm
 slang-devel-2.3.3-1.azl3.x86_64.rpm
-sqlite-3.44.0-2.azl3.x86_64.rpm
-sqlite-debuginfo-3.44.0-2.azl3.x86_64.rpm
-sqlite-devel-3.44.0-2.azl3.x86_64.rpm
-sqlite-libs-3.44.0-2.azl3.x86_64.rpm
+sqlite-3.44.0-3.azl3.x86_64.rpm
+sqlite-debuginfo-3.44.0-3.azl3.x86_64.rpm
+sqlite-devel-3.44.0-3.azl3.x86_64.rpm
+sqlite-libs-3.44.0-3.azl3.x86_64.rpm
 swig-4.2.1-1.azl3.x86_64.rpm
 swig-debuginfo-4.2.1-1.azl3.x86_64.rpm
 systemd-bootstrap-250.3-19.azl3.x86_64.rpm