Adds OSSA-2015-003

Change-Id: Id5de7f19dd7ece9eba1c08ac8ca23d953de796e3
This commit is contained in:
Tristan Cacqueray 2015-01-23 15:56:47 +00:00
parent 46d72b962f
commit c5ece310d2
1 changed files with 52 additions and 0 deletions

52
ossa/OSSA-2015-003.yaml Normal file
View File

@ -0,0 +1,52 @@
date: 2015-01-26
id: OSSA-2015-003
title: 'Glance user storage quota bypass'
description: 'Tushar Patil from NTT reported a vulnerability in Glance. By deleting images
that are being uploaded, a malicious user can overcome the storage quota and
thus may overrun the backend. Images in deleted state are not taken into
account by quota and won''t be effectively deleted until the upload is
completed. Only Glance setups configured with user_storage_quota are
affected.'
affected-products:
- product: glance
version: up to 2014.1.3 and 2014.2 versions up to 2014.2.1
vulnerabilities:
- cve-id: CVE-2014-9623
reporters:
- name: 'Tushar Patil'
affiliation: NTT
reported:
- CVE-2014-9623
issues:
links:
- https://launchpad.net/bugs/1398830
type: launchpad
reviews:
kilo:
- https://review.openstack.org/144464
juno:
- https://review.openstack.org/149387
icehouse:
- https://review.openstack.org/149646
type: gerrit
notes:
- 'This fix will be included in the kilo-2 development milestone and in
future 2014.2.2 (juno) and 2014.1.4 (icehouse) releases.'