diff -Nru sqlite3-3.37.2/debian/changelog sqlite3-3.37.2/debian/changelog
--- sqlite3-3.37.2/debian/changelog	2022-01-16 10:59:39.000000000 +0000
+++ sqlite3-3.37.2/debian/changelog	2022-11-04 13:09:13.000000000 +0000
@@ -1,3 +1,12 @@
+sqlite3 (3.37.2-2ubuntu0.1) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: array-bounds overflow via large string argument
+    - debian/patches/CVE-2022-35737.patch: increase the size of loop
+      variables in src/printf.c.
+    - CVE-2022-35737
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 04 Nov 2022 09:09:13 -0400
+
 sqlite3 (3.37.2-2) unstable; urgency=medium
 
   * Fix non-Linux installation. 
diff -Nru sqlite3-3.37.2/debian/control sqlite3-3.37.2/debian/control
--- sqlite3-3.37.2/debian/control	2022-01-06 18:16:04.000000000 +0000
+++ sqlite3-3.37.2/debian/control	2022-11-04 13:09:13.000000000 +0000
@@ -1,7 +1,8 @@
 Source: sqlite3
 Section: devel
 Priority: optional
-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
 Build-Depends: debhelper-compat (= 13), autoconf (>= 2.59), libtool (>= 1.5.2), automake, chrpath, lynx, libreadline-dev, tcl8.6-dev
 Build-Conflicts: tcl8.4, tcl8.4-dev, tcl8.5, tcl8.5-dev
 Standards-Version: 4.5.1
diff -Nru sqlite3-3.37.2/debian/patches/CVE-2022-35737.patch sqlite3-3.37.2/debian/patches/CVE-2022-35737.patch
--- sqlite3-3.37.2/debian/patches/CVE-2022-35737.patch	1970-01-01 00:00:00.000000000 +0000
+++ sqlite3-3.37.2/debian/patches/CVE-2022-35737.patch	2022-11-04 13:09:08.000000000 +0000
@@ -0,0 +1,30 @@
+Backport of:
+
+From 6eb7354fabede50a3601f251caaec172556a3a82 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Mon, 18 Jul 2022 15:27:29 +0000
+Subject: [PATCH] Increase the size of loop variables in the printf()
+ implementation to avoid harmless compiler warnings.
+
+FossilOrigin-Name: 26db4fc22fe6665809d321b8a88b60efbbfecd5723ff3e370b857661b981c32c
+---
+ manifest      | 16 ++++++++--------
+ manifest.uuid |  2 +-
+ src/printf.c  |  4 ++--
+ 3 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/src/printf.c b/src/printf.c
+index f0bfa53279..3602e1fcb9 100644
+--- a/src/printf.c
++++ b/src/printf.c
+@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
+       case etSQLESCAPE:           /* %q: Escape ' characters */
+       case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
+       case etSQLESCAPE3: {        /* %w: Escape " characters */
+-        int i, j, k, n, isnull;
+-        int needQuote;
++        i64 i, j, k, n;
++        int needQuote, isnull;
+         char ch;
+         char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
+         char *escarg;
diff -Nru sqlite3-3.37.2/debian/patches/series sqlite3-3.37.2/debian/patches/series
--- sqlite3-3.37.2/debian/patches/series	2021-12-12 22:34:48.000000000 +0000
+++ sqlite3-3.37.2/debian/patches/series	2022-11-04 13:09:08.000000000 +0000
@@ -6,3 +6,4 @@
 31-increase_SQLITE_MAX_DEFAULT_PAGE_SIZE_to_32k.patch
 02-use-packaged-lempar.c.patch
 40-amalgamation_configure.patch
+CVE-2022-35737.patch