
[scarthgap] libxslt: Fix CVE-2025-11731

Message ID 20251222065958.2651046-1-mingli.yu@windriver.com
State New

Commit Message

Yu, Mingli Dec. 22, 2025, 6:59 a.m. UTC
From: Mingli Yu <mingli.yu@windriver.com>

Backport the patch [1] to fix CVE-2025-11731.

[1] https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
 .../libxslt/files/CVE-2025-11731.patch        | 42 +++++++++++++++++++
 .../recipes-support/libxslt/libxslt_1.1.43.bb |  3 +-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libxslt/files/CVE-2025-11731.patch

Patch

diff --git a/meta/recipes-support/libxslt/files/CVE-2025-11731.patch b/meta/recipes-support/libxslt/files/CVE-2025-11731.patch
new file mode 100644
index 0000000000..19702af6cb
--- /dev/null
+++ b/meta/recipes-support/libxslt/files/CVE-2025-11731.patch
@@ -0,0 +1,42 @@ 
+From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+CVE: CVE-2025-11731
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ libexslt/functions.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 8d35a7ae..a54ee70c 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+      * instanciation of a func:result element.
+      */
+     for (test = inst->parent; test != NULL; test = test->parent) {
+-	if (IS_XSLT_ELEM(test) &&
+-	    IS_XSLT_NAME(test, "stylesheet")) {
++	if (/* Traversal has reached the top-level document without
++         * finding a func:function ancestor. */
++        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++        /* Traversal reached a stylesheet-namespace node,
++         * and has left the function namespace. */
++        (IS_XSLT_ELEM(test) &&
++         IS_XSLT_NAME(test, "stylesheet"))) {
+ 	    xsltGenericError(xsltGenericErrorContext,
+ 			     "func:result element not a descendant "
+ 			     "of a func:function\n");
+-- 
+2.34.1
+
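Review bot: The added guard in the embedded libexslt/functions.c hunk stops the ancestor walk only at `test->type == XML_DOCUMENT_NODE`, so any other non-element ancestor would still fall through to the rest of the loop body; whether another document type such as `XML_HTML_DOCUMENT_NODE` can reach this loop is not visible here. A stricter form would end the walk at the first ancestor that is not an element, for example `test->type != XML_ELEMENT_NODE`. The `test != NULL` inside the new condition is redundant because the `for` condition already guarantees it. As this is a verbatim backport of the upstream commit, both points are better raised upstream than changed in the recipe patch. The remainder of the loop in exsltFuncResultComp, where `->ns` is presumably read, lies outside the hunk.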
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.43.bb b/meta/recipes-support/libxslt/libxslt_1.1.43.bb
index e08e92085d..e33b1bb902 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.43.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.43.bb
@@ -14,7 +14,8 @@  SECTION = "libs"
 DEPENDS = "libxml2"
 
 SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \
-           file://gnome-libxslt-bug-139-apple-fix.diff"
+           file://gnome-libxslt-bug-139-apple-fix.diff \
+           file://CVE-2025-11731.patch"
 
 SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"