There's a merged pull request on the void-packages repository

unbound: update to 1.9.4.
https://github.com/void-linux/void-packages/pull/15026

Description:
Fixes [CVE-2019-16866](https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries)