Apologies if this has been covered earlier, searched back through history and didn't find anything the answer.
I am trying to determine which version CVE-2019-5018 is resolved in. The Talos post (https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777) references a vendor patch on 2019-03-28, but there's no SQLite release on that date. My theory is that it is resolved in the 3.28 SQLite release (rather than on that date), but I'd like confirmation as the release notes for 3.27 and 3.28 don't reference it.
From what I can see neither the vulnerability nor the fix were officially acknowledged by SQLite developers. If you wish to test a SQLite version for a fix yourself, detailed discussion of the vulnerability with demonstration code can be found here: