There is a new pull request by aurieh against master on the void-packages repository

https://github.com/aurieh/void-packages update-python3-rsa
https://github.com/void-linux/void-packages/pull/25953

python3-rsa: update to 4.6
Resolves CVE-2020-13757 and drops Python 2.7 support, which is no big deal, since the only two packages (`python3-google-auth` and `python3-Telethon`) to depend on it both run on Python 3.

A patch file from https://github.com/void-linux/void-packages/pull/25953.patch is attached