Wikimedia Security Team/AppSec Clinic Minutes/2023-07-06

Date: 2023-07-06

Attending: CLemoisson-WMF, ,

Phabricator Tasks In Progress

 * 1) MMartorana_(WMF)
 * 2) T144097 - Investigating potential patches.
 * 3) T334437 - Working on a patch.
 * 4) T336113 - To triage, maybe write patch.
 * 5) T337695 - Waiting on legal to confirm email addr.
 * 6) T338034 - Item 2 resolved.
 * 7) T338419 - AHaT tagged and still working on this.
 * 8) T339016 - Tracked to next sup sec release. Can be removed.
 * 9) T340200 - Deployed. Can be probably removed.
 * 10) MStyles_(WMF)
 * 11) T335164 - Analysis work assigned to Maryum.
 * 12) T338238 - Set up AppSec CI includes for iPoid.
 * 13) T338611 - Offer guidance if necessary.
 * 14) T339393 - To analyze.
 * 15) T340221 - To follow up.
 * 16) Reedy_(WMF)
 * 17) T333722 - Decom channel soon.
 * 18) T318825 - Assigned for follow-up.
 * 19) T321092 - Assigned for follow-up.
 * 20) T330086 - Done, add reporter to secteam HoF.
 * 21) T335204 - Assigned to  for review.
 * 22) T335288 - Assigned to  for review.
 * 23) T338094 -  triaged, assigned to Kosta H.
 * 24) T337949 - Assigned to  for review.
 * 25) T338104 - Assigned to  for review.
 * 26) T338105 - Assigned to  for review.
 * 27) SBassett_(WMF)
 * 28) T326871 - Waiting on AHT/Thalia response.
 * 29) T336310 - Waiting on Trusa for naming guidance.
 * 30) T339260 - CR proposed security patch.
 * 31) T340201 -  to analyze.
 * 32) T340217 - To include in forthcoming Vector 2022 review.
 * 33) T340220 - To include in forthcoming Vector 2022 review.

Sent to Privacy Engineering

New Phabricator Tasks Reviewed

 * 1) T340200 -  to analyze.
 * 2) T340572 -  to analyze, blocked on NDA.
 * 3) T340645 -  to analyze.
 * 4) T340833 -  to analyze.
 * 5) T340834 -  to analyze.
 * 6) T340835 -  to analyze.
 * 7) T341141 -  to analyze.