Here is a patch to fix CVE-2016-4738 in libxslt.