diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index 628f78e0..42beeb56 100644
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@@ -475,6 +475,7 @@ deblobDevice() {
 		sed -i 's/BOARD_USES_QCNE := true/BOARD_USES_QCNE := false/' BoardConfig.mk; #Disable CNE
 		sed -i 's/BOARD_USES_WIPOWER := true/BOARD_USES_WIPOWER := false/' BoardConfig.mk; #Disable WiPower
 		sed -i 's/TARGET_HAS_HDR_DISPLAY := true/TARGET_HAS_HDR_DISPLAY := false/' BoardConfig.mk; #Disable HDR
+		sed -i 's/BOARD_SUPPORTS_SOUND_TRIGGER := true/BOARD_SUPPORTS_SOUND_TRIGGER := false/' BoardConfig.mk; #Disable Sound Trigger
 		if [ "$DOS_DEBLOBBER_REMOVE_GRAPHICS" = true ]; then
 			#sed -i 's/USE_OPENGL_RENDERER := true/USE_OPENGL_RENDERER := false/' BoardConfig.mk;
 			#if ! grep -q "USE_OPENGL_RENDERER := false" BoardConfig.mk; then echo "USE_OPENGL_RENDERER := false" >> BoardConfig.mk; fi;
diff --git a/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh
index 7c3f8b96..458b56d9 100644
--- a/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh
+++ b/Scripts/LineageOS-11.0/CVE_Patchers/android_kernel_zte_msm8930.sh
@@ -142,15 +142,18 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/772877_0001-usb-core-Fix-use-after-free-for-hub-usb-device.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
-editKernelLocalversion "-dos.p152"
+editKernelLocalversion "-dos.p155"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index 72ba4026..4f530be6 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -101,12 +101,17 @@ export -f buildAll;
 patchWorkspace() {
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi;
 	source build/envsetup.sh;
+	#repopick 192923; #su memory leak fixes
+	repopick -it wl12xx-krack-fw-4; #ti wlan firmware with krack fixes
+	#repopick 212799; #alt: 212827 flac extractor CVE-2017-0592
+	#repopick 214125; #spellchecker: enable more wordlists
 	repopick -it n_asb_09-2018-qcom;
 	repopick -it bt-sbc-hd-dualchannel-nougat;
 	repopick 201113; #wifi country code fix
+	repopick 242134; #AVRCP off-by-one fix
 	repopick 244387 244388; #loopback fixes
 	repopick -it CVE-2019-2033;
-	#repopick 212799; #alt: 212827
+	repopick -it n-asb-2019-05;
 
 	export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails