There is an updated pull request by ndowens against master on the void-packages repository

https://github.com/ndowens/void-packages file
https://github.com/void-linux/void-packages/pull/15881

file: add patch for CVE-2019-18218
CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-18218
Patch: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84

A patch file from https://github.com/void-linux/void-packages/pull/15881.patch is attached