New comment by digitalagedragon on void-packages repository

https://github.com/void-linux/void-packages/pull/30516#issuecomment-827780948

Comment:
It doesn't look like fedora, arch, or debian include the CVE-2020-8287 patch. fedora and arch are using upstream 2.9.4 directly, and debian does have their own repo for it but they haven't included the patch.