There is a new pull request by ndowens against master on the void-packages repository

https://github.com/ndowens/void-packages csync2
https://github.com/void-linux/void-packages/pull/26308

csync2: add CVE-2019-15522 fix
Seems source doesn't exist anymore from homepage, so use github source

A patch file from https://github.com/void-linux/void-packages/pull/26308.patch is attached