There is a new pull request by ericonr against master on the void-packages repository

https://github.com/ericonr/void-packages tar
https://github.com/void-linux/void-packages/pull/30482

tar: remove CVE patch.
Patch was added d95a0b07065a6cde65cfb94e5581024696883610, apparently
based on the one discussed in [1], but using ERROR instead of
FATAL_ERROR. However, per [2], this was fixed in another way, though
upstream seems to not consider it worthy of a CVE.

[1] https://lists.gnu.org/archive/html/bug-tar/2016-10/msg00014.html
[2] https://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html

<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/30482.patch is attached