Fix broken security/buster branch

Previous debian/4.6-1+deb10u4 tag in git packaging repo has different content with the upload currently resides in the buster-security archive. It misses 2 patches and will fail to build from source. This commit adds the missing files back.

Besides, it is worth noting that CVE-2020-15049 was not correctly referenced in the previous 4.6-1+deb10u3 upload. Since the CVE database in Debian has already correctly updated, I am keeping this typo as is.

Please consider merging this fix. cc: @luigi @yadi-guest @manty @gratuxri Let me know if there are any doubts that would block this merge request.