There is an updated pull request by ndowens against master on the void-packages repository

https://github.com/ndowens/void-packages git-lfs
https://github.com/void-linux/void-packages/pull/26310

git-lfs: update to 2.12.1
Fixes CVE-2020-27955
@the-maldridge 

A patch file from https://github.com/void-linux/void-packages/pull/26310.patch is attached