Remediating base image vulnerabilities

I’m trying to build a base image that pulls from php:7.3-fpm, which is built on debian:buster-slim. The php:7.3-fpm base image has vulnerabilities out of the box, like and From the look of it, there are no fixes for them other than changing the base OS. Is my understanding correct? I assumed that any high severity vulnerabilities would have fixes available on buster but that doesn’t seem to be the case. How do I go about fixing these things? I thought adding an apt-get upgrade to the Dockerfile may do the trick, but no upgrades are performed. Maybe there’s a repository out there I can add to /etc/apt/sources.list? Any insight would be greatly appreciated!