Wikimedia Security Team/AppSec Clinic Minutes/2022-05-31

Date: 2022-05-31

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)

From Last Time

  1. MMartorana_(WMF)
    1. T307278 - Result: patch still in progress
    2. T307750 - Our part is done, waiting on Release Engineering review for upstream fixes.
    3. T308583 - Assign risk, assign vuln-, tag ostensible owners
  2. MStyles_(WMF)
    1. T306514 - Still in progress
    2. T308659 - Need to add to supplemental release, etc.
    3. T308473 - To triage, maybe help with a patch
    4. T309255 - To triage (non-Wikimedia deployed ext)
  3. Reedy_(WMF)
    1. T306516 - Result: no update
    2. T306211 - Result: no update
  4. SBassett_(WMF)
    1. T308471 - To triage, maybe help with a patch
    2. T308861 - To triage, log sanitization
    3. T309077 - Done, possibly make task public?
    4. T309078 - Analyzed search results, possibly triage more and add teams/owners?

Phabricator Tasks Reviewed

  1. T290313 - Assigned to MStyles_(WMF) for triage.
  2. T309411 - Assigned to MMartorana_(WMF) for triage.
  3. T309430 - Assigned to SBassett_(WMF) for triage.
    1. Done! Removed secteam, added vuln + risk, let releng know and added related task.