There is a new pull request by ndowens against master on the void-packages repository

https://github.com/ndowens/void-packages turbovnc
https://github.com/void-linux/void-packages/pull/15906

turbovnc: update to 2.2.3
Includes fix for CVE-2019-15683

A patch file from https://github.com/void-linux/void-packages/pull/15906.patch is attached