diff --git a/.last-exported-commit b/.last-exported-commit
index cd47797..849159c 100644
--- a/.last-exported-commit
+++ b/.last-exported-commit
@@ -1 +1 @@
-Last exported commit from parent repo: 6e3f24b8131b3b49aed37881270b7a18e093d307
\ No newline at end of file
+Last exported commit from parent repo: d6e5804d6fcba05fe0af882a0c1db8ffb0050320
\ No newline at end of file
diff --git a/nix-bootstrap.cabal b/nix-bootstrap.cabal
index 1de21c1..1b631a7 100644
--- a/nix-bootstrap.cabal
+++ b/nix-bootstrap.cabal
@@ -5,7 +5,7 @@ cabal-version: 2.0
 -- see: https://github.com/sol/hpack
 name: nix-bootstrap
-version: 1.5.4.2
+version: 1.5.4.3
 author: gchquser
 maintainer: 48051938+sd234678@users.noreply.github.com
 copyright: Crown Copyright
diff --git a/package.yaml b/package.yaml
index dbe58fb..a75616f 100644
--- a/package.yaml
+++ b/package.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 name: nix-bootstrap
-version: 1.5.4.2
+version: 1.5.4.3
 author: gchquser
 maintainer: 48051938+sd234678@users.noreply.github.com
 copyright: Crown Copyright
diff --git a/vulnerability-whitelist.toml b/vulnerability-whitelist.toml
index ba4ce37..3b31d90 100644
--- a/vulnerability-whitelist.toml
+++ b/vulnerability-whitelist.toml
@@ -54,7 +54,7 @@ comment = "CVEs refer to RedHat Fuse, not C libfuse (Filesystem in Userspace) on
 comment = "gcc is only a build-time dependency so we are not vulnerable to this attack."
 ["glibc"]
-cve = ["CVE-2023-4527", "CVE-2023-4813", "CVE-2023-5156"]
+cve = ["CVE-2023-4527", "CVE-2023-4813", "CVE-2023-5156", "CVE-2023-0687", "CVE-2023-6779"]
 comment = "Crashes accepted as not a critical system. Stack contents of nix-bootstrap should never be sensitive."
 ["git"]
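Review bot: The two IDs appended to the `["glibc"]` list, `CVE-2023-0687` and `CVE-2023-6779`, inherit a `comment` that argues only about crashes and stack contents, and nothing in the hunk shows that this rationale was re-checked for them. As far as I recall the advisories, both are buffer overflows (CVE-2023-6779 on the heap), so "stack contents should never be sensitive" does not obviously cover them; this should be confirmed against the advisory text. I would extend the justification so each new ID has its own reason, e.g. `comment = "Crashes accepted as not a critical system. Stack contents of nix-bootstrap should never be sensitive. CVE-2023-0687, CVE-2023-6779: <why the affected code path is unreachable or the impact is accepted>."`.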
@@ -80,6 +80,9 @@ comment = "libarchive is only a build-time dependency so we are not vulnerable t
 ["libssh2"]
 comment = "libssh2 is only a build-time dependency so we are not vulnerable to this attack."
+["libuv"]
+comment = "libuv is only a build-time dependency so we're not vulnerable to this attack."
+
 ["libxml2"]
 comment = "libxml2 is only a build-time dependency so we're not vulnerable to this attack."
@@ -90,8 +93,7 @@ comment = """No upstream fix yet, but exploitation requires a victim \
 """
 ["linux-pam"]
-cve = ["CVE-2022-28321"]
-comment = "Only affects OpenSUSE distributions"
+comment = "linux-pam is only a build-time dependency so we're not vulnerable to this attack."
 ["network"]
 cve = ["CVE-2021-35048",
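Review bot: The new `["libuv"]` table has no `cve` key, so the entry appears to suppress every libuv finding, present and future, while its comment refers to "this attack" without naming one; the rewritten `["linux-pam"]` entry in the next hunk has the same shape. If libuv ever enters the runtime closure, the scanner would presumably stay silent about it. I would pin the entry to the advisories that prompted it, `cve = ["<CVE id from the scanner report>"]`, and add an expiry if the consuming tool supports one (vulnix has `until`) so the exception is re-reviewed. The neighbouring libssh2 and libxml2 entries are unpinned as well, so this matches the file's pattern, but the exception is broader than the comment justifies.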
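Review bot: Dropping `cve = ["CVE-2022-28321"]` and its comment from `["linux-pam"]` discards the recorded reason that ID was accepted ("Only affects OpenSUSE distributions") and replaces it with a different kind of claim that the hunk does not support with any evidence. "Not affected on this distribution" and "not in the runtime closure" are separate arguments, and the second can stop being true when dependencies change. I would keep the history as a comment above the table, `# CVE-2022-28321 was previously accepted because it only affects OpenSUSE distributions.`, and state in the `comment` how the build-time-only claim was checked, for example against the runtime closure of the built output.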