diff -Nru sqlite3-3.16.2/debian/changelog sqlite3-3.16.2/debian/changelog
--- sqlite3-3.16.2/debian/changelog	2017-01-22 17:21:15.000000000 +0000
+++ sqlite3-3.16.2/debian/changelog	2017-02-13 17:31:26.000000000 +0000
@@ -1,3 +1,10 @@
+sqlite3 (3.16.2-3) unstable; urgency=medium
+
+  * Backport upstream fix to ensure that sqlite3_blob_reopen() correctly
+    handles short rows.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 13 Feb 2017 17:31:26 +0000
+
 sqlite3 (3.16.2-2) unstable; urgency=medium
 
   * Backport upstream fix of variable initialization in the CLI tool.
diff -Nru sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch
--- sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch	1970-01-01 00:00:00.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/35-fix-sqlite3_blob_reopen.patch	2017-02-13 17:31:26.000000000 +0000
@@ -0,0 +1,27 @@
+Description: Ensure that sqlite3_blob_reopen() correctly handles short rows
+ If ALTER TABLE ADD COLUMN is run to add a column to a table, and then later
+ the sqlite3_blob_open() interface is run successfully on that new column,
+ and then sqlite3_blob_reopen() is run to move the sqlite3_blob object to a
+ different row where the added column has never been initialized, then the
+ sqlite3_blob_reopen() routine does not detect that the column it is
+ attempting to open contains a NULL. This can lead to further problems
+ downstream.
+Origin: upstream, https://www.sqlite.org/src/info/8cd1a4451cce1fe2
+Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
+Last-Update: 2017-02-14
+
+---
+
+--- sqlite3-3.16.2.orig/src/vdbeblob.c
++++ sqlite3-3.16.2/src/vdbeblob.c
+@@ -67,7 +67,9 @@ static int blobSeekToRow(Incrblob *p, sq
+   rc = sqlite3_step(p->pStmt);
+   if( rc==SQLITE_ROW ){
+     VdbeCursor *pC = v->apCsr[0];
+-    u32 type = pC->aType[p->iCol];
++    u32 type = pC->nHdrParsed>p->iCol ? pC->aType[p->iCol] : 0;
++    testcase( pC->nHdrParsed==p->iCol );
++    testcase( pC->nHdrParsed==p->iCol+1 );
+     if( type<12 ){
+       zErr = sqlite3MPrintf(p->db, "cannot open value of type %s",
+           type==0?"null": type==7?"real": "integer"
diff -Nru sqlite3-3.16.2/debian/patches/series sqlite3-3.16.2/debian/patches/series
--- sqlite3-3.16.2/debian/patches/series	2017-01-22 17:21:15.000000000 +0000
+++ sqlite3-3.16.2/debian/patches/series	2017-02-13 17:31:26.000000000 +0000
@@ -6,3 +6,4 @@
 31-increase_SQLITE_MAX_DEFAULT_PAGE_SIZE_to_32k.patch
 02-use-packaged-lempar.c.patch
 32-fix_an_uninitialized_variable_in_the_command-line_shell.patch
+35-fix-sqlite3_blob_reopen.patch