From c5ece310d2ce9a4f647e7dfd0a38d6bfea95d323 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Fri, 23 Jan 2015 15:56:47 +0000
Subject: [PATCH] Adds OSSA-2015-003
Change-Id: Id5de7f19dd7ece9eba1c08ac8ca23d953de796e3
---
ossa/OSSA-2015-003.yaml | 52 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 ossa/OSSA-2015-003.yaml
diff --git a/ossa/OSSA-2015-003.yaml b/ossa/OSSA-2015-003.yaml
new file mode 100644
index 0000000..08d82f3
--- /dev/null
+++ b/ossa/OSSA-2015-003.yaml
@@ -0,0 +1,52 @@
+date: 2015-01-26
+
+id: OSSA-2015-003
+
+title: 'Glance user storage quota bypass'
+
+description: 'Tushar Patil from NTT reported a vulnerability in Glance. By deleting images
+ that are being uploaded, a malicious user can overcome the storage quota and
+ thus may overrun the backend. Images in deleted state are not taken into
+ account by quota and won''t be effectively deleted until the upload is
+ completed. Only Glance setups configured with user_storage_quota are
+ affected.'
+
+affected-products:
+
+ - product: glance
+ version: up to 2014.1.3 and 2014.2 versions up to 2014.2.1
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-9623
+
+reporters:
+
+ - name: 'Tushar Patil'
+ affiliation: NTT
+ reported:
+ - CVE-2014-9623
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1398830
+
+ type: launchpad
+
+reviews:
+
+ kilo:
+ - https://review.openstack.org/144464
+
+ juno:
+ - https://review.openstack.org/149387
+
+ icehouse:
+ - https://review.openstack.org/149646
+
+ type: gerrit
+
+notes:
+ - 'This fix will be included in the kilo-2 development milestone and in
+ future 2014.2.2 (juno) and 2014.1.4 (icehouse) releases.'
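Review bot: The `version:` value under `affected-products` reads `up to 2014.1.3 and 2014.2 versions up to 2014.2.1`, which leaves open whether the named releases are themselves affected. The `notes` entry places the fix in 2014.1.4 and 2014.2.2, so 2014.1.3 and 2014.2.1 appear to be vulnerable; wording such as `version: 'versions through 2014.1.3, and 2014.2 versions through 2014.2.1'` would make the inclusive bound explicit for operators deciding whether they need the patch. Quoting the value would also match the single-quoted style used for `title`, `description` and `name` in the same file. The description limits exposure to setups with user_storage_quota configured but says nothing about what an operator can do before the fixed releases ship; if the team has interim guidance, a second `notes` entry would be the place for it.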