Wikimedia Security Team/AppSec Clinic Minutes/2022-05-26
Date: 2022-05-26
Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)
From Last Time
- T306514 - Assigned to MStyles_(WMF)
  - Result: self-assigned and still in-progress
- T306516 - Assigned to Reedy_(WMF)
  - Result: no update
- T307278 - Assigned to MMartorana_(WMF)
  - Result: patch still in progress
- T304291 - Assigned to MMartorana_(WMF)
  - Done! Told to request new application security review.
- T306211 - Assigned to Reedy_(WMF)
  - Result: no update
- T307750 - Assigned to MMartorana_(WMF)
  - Still in progress, waiting on Release Engineering review, may need to escalate.
- T308101 - Assigned to MStyles_(WMF) for triage
  - Risk rated, vuln rated, untagged security-team, to provide credentials advice
- T307991 - Assigned to SBassett_(WMF)
  - Done! Risk rated, vuln rated, untagged security-team, Growth team and Releng appear to be triaging
Phabricator Tasks Reviewed
- T308659 - Assigned to MStyles_(WMF)
  - Patches done and in production, adjust tags, track for supplemental security release (T305209)
- T309028 - Assigned to MMartorana_(WMF)
  - Patches done and in production, adjust tags, track for main security release (T305200), I believe
- T308471 - Assigned to SBassett_(WMF) to triage
- T308473 - Assigned to MStyles_(WMF) to triage
- T308583 - Assigned to MMartorana_(WMF) to triage
- T308861 - Assigned to SBassett_(WMF) to triage
- T309077 - Assigned to SBassett_(WMF)
  - I think this was fixed in another task/patch?
- T309078 - Assigned to SBassett_(WMF) to triage
- T309255 - Assigned to MStyles_(WMF) to triage
  - Appears to not be a Wikimedia-deployed extension
- T309285
  - Done in clinic! Untagged security team, protected as security task, triaged a bit