diff --git a/sqlite3-CVE-2019-16168.patch b/sqlite3-CVE-2019-16168.patch
new file mode 100644
index 0000000..c584e2d
--- /dev/null
+++ b/sqlite3-CVE-2019-16168.patch
@@ -0,0 +1,46 @@
+--- src/analyze.c.orig
++++ src/analyze.c
+@@ -1497,7 +1497,9 @@ static void decodeIntArray(
+ if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+ }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++ int sz = sqlite3Atoi(z+3);
++ if( sz<2 ) sz = 2;
++ pIndex->szIdxRow = sqlite3LogEst(sz);
+ }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+ }
+--- src/where.c.orig
++++ src/where.c
+@@ -2668,6 +2668,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table. */
++ assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+--- test/analyzeC.test.orig
++++ test/analyzeC.test
+@@ -132,6 +132,20 @@ do_execsql_test 4.3 {
+ SELECT count(a) FROM t1;
+ } {/.*INDEX t1ca.*/}
+
++# 2019-08-15.
++# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
++# The sz=N parameter in the sqlite_stat1 table needs to have a value of
++# 2 or more to avoid a division by zero in the query planner.
++#
++do_execsql_test 4.4 {
++ DROP TABLE IF EXISTS t44;
++ CREATE TABLE t44(a PRIMARY KEY);
++ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
++ ANALYZE sqlite_master;
++ SELECT 0 FROM t44 WHERE a IN(1,2,3);
++} {}
++
++
+
+ # The sz=NNN parameter works even if there is other extraneous text
+ # in the sqlite_stat1.stat column.
diff --git a/sqlite3.changes b/sqlite3.changes
index 84b80b9..60508fa 100644
--- a/sqlite3.changes
+++ b/sqlite3.changes
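Review bot: The `assert( pSrc->pTab->szTabRow>0 );` added in where.c is not a runtime guard for the division on the next line: in a default (non-SQLITE_DEBUG) SQLite build assert() is compiled out, so the only effective fix in this patch is the `if( sz<2 ) sz = 2;` clamp in analyze.c, and the assert should be read as stating the invariant that clamp now maintains rather than as a check. That clamp treats `sz=1` exactly like `sz=0` (the test comment says the value must be 2 or more), yet test 4.4 only inserts `'sz=0'`; a sibling case with `INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=1');` would pin the other boundary the clamp exists for. Both decodeIntArray and whereLoopAddBtreeIndex continue outside the quoted hunks.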
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Sep 10 15:17:35 UTC 2019 - Reinhard Max
+
+- bsc#1150137, CVE-2019-16168, sqlite3-CVE-2019-16168.patch:
+ Improper validation of qlite_stat1 sz field leads to division by
+ zero.
+
 -------------------------------------------------------------------
 Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez
 
diff --git a/sqlite3.spec b/sqlite3.spec
index 96c2dc1..d062eb3 100644
--- a/sqlite3.spec
+++ b/sqlite3.spec
@@ -28,6 +28,7 @@ URL: http://www.sqlite.org/
 Source0: http://www.sqlite.org/2019/sqlite-src-%{tarversion}.zip
 Source1: baselibs.conf
 Source2: http://www.sqlite.org/2019/sqlite-doc-%{tarversion}.zip
+Patch0: sqlite3-CVE-2019-16168.patch
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -103,6 +104,7 @@ other documentation found on sqlite.org. The files can be found in
 
 %prep
 %setup -q -n sqlite-src-%{tarversion} -a2
+%patch0
 rm -v sqlite-doc-%{tarversion}/releaselog/current.html
 ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html
 find -type f -name sqlite.css~ -delete