There's a merged pull request on the void-packages repository

libspiro: CVE-2019-19847 patch
https://github.com/void-linux/void-packages/pull/17708

Description:
Signed-off-by: Nathan Owens <ndowens04@gmail.com>