CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]

libxslt-CVE-2025-11731.patch

@@ -0,0 +1,36 @@
+From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+---
+ libexslt/functions.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 8d35a7ae..a54ee70c 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+      * instanciation of a func:result element.
+      */
+     for (test = inst->parent; test != NULL; test = test->parent) {
+-	if (IS_XSLT_ELEM(test) &&
+-	    IS_XSLT_NAME(test, "stylesheet")) {
++	if (/* Traversal has reached the top-level document without
++         * finding a func:function ancestor. */
++        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++        /* Traversal reached a stylesheet-namespace node,
++         * and has left the function namespace. */
++        (IS_XSLT_ELEM(test) &&
++         IS_XSLT_NAME(test, "stylesheet"))) {
+ 	    xsltGenericError(xsltGenericErrorContext,
+ 			     "func:result element not a descendant "
+ 			     "of a func:function\n");
+-- 
+GitLab
+

libxslt.changes

@@ -1,5 +1,28 @@
 -------------------------------------------------------------------
-Thu Jul 17 09:44:34 UTC 2025 - pgajdos@suse.com
+Wed Feb  4 09:24:04 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
+
+- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
+- deleted patches
+  * libxslt-CVE-2025-10911.patch
+
+-------------------------------------------------------------------
+Wed Oct 15 08:36:33 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
+  * libxslt-CVE-2025-11731.patch
+
+-------------------------------------------------------------------
+Thu Oct  2 13:18:59 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT
+  * libxslt-CVE-2025-10911.patch
+
+-------------------------------------------------------------------
+Thu Jul 17 09:41:32 UTC 2025 - pgajdos@suse.com
 
 - security update
 - added patches

libxslt.spec

@@ -42,6 +42,13 @@ Patch0:         libxslt-1.1.24-no-net-autobuild.patch
 Patch1:         libxslt-random-seed.patch
 # CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes
 Patch2:         libxslt-CVE-2025-7424.patch
+# CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
+Patch4:         libxslt-CVE-2025-11731.patch
+#
+### SUSE patches starts on 1000
+# PATCH-FIX-SUSE
+#Patch1000:
+#
 BuildRequires:  fdupes
 BuildRequires:  gcc
 BuildRequires:  libgcrypt-devel