I am no expert cryptographer, it is likely that if I try backporting
such patches I will get something wrong that introduces more flaws.

https://security-tracker.debian.org/tracker/CVE-2021-20305 - no patch
backported yet
https://packages.ubuntu.com/source/focal/nettle - no patch backported
either

It would be best if Nettle adopted a forever (or almost) backwards
compatible ABI from now on like curl (https://curl.se/libcurl/abi.html)
so that such things don't happen again.

Thank you,
Léo