Is it possible to downport the fix for CVE-2020-8244 to versions 1.x.x as many packages use it?

As far as I can see from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244 it is fixed on 4.0.3, 3.0.1 and 2.2.1 already.