From d50e03964c65d178a738f6f7a8a3b2aed6f0ba97 Mon Sep 17 00:00:00 2001
From: Grant Murphy
Date: Tue, 28 Jul 2015 07:56:05 -0700
Subject: [PATCH] Adds OSSA-2015-013

Change-Id: I7499d72e7c7d2e00e5cd08b8c504d772970385d8
---
ossa/OSSA-2015-013.yaml | 48 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 ossa/OSSA-2015-013.yaml

diff --git a/ossa/OSSA-2015-013.yaml b/ossa/OSSA-2015-013.yaml
new file mode 100644
index 0000000..852e33c
--- /dev/null
+++ b/ossa/OSSA-2015-013.yaml
@@ -0,0 +1,48 @@
+date: 2015-07-28
+
+id: OSSA-2015-013
+
+title: 'Glance task flow may fail to delete image from backend'
+
+description: 'Abhishek Kekane from NTT reported a vulnerability in Glance.
+ By creating numerous images using the import task flow API and deleting
+ them, an authenticated attacker may accumulate untracked image data in the
+ backend resulting in potential resource exhaustion and denial of
+ service. All glance setups are affected.'
+
+affected-products:
+
+ - product: glance
+ version: versions 2015.1.0
+
+vulnerabilities:
+
+ - cve-id: CVE-2015-3289
+
+reporters:
+
+ - name: 'Abhishek Kekane'
+ affiliation: NTT
+ reported:
+ - CVE-2015-3289
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1454087
+
+ type: launchpad
+
+reviews:
+
+ liberty:
+ - https://review.openstack.org/#/c/181345/
+
+ kilo:
+ - https://review.openstack.org/#/c/181816/
+
+
+ type: gerrit
+
+notes:
+ - 'This fix will be included in the future 2015.1.1 (kilo) release.'
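Review bot: The affected scope is ambiguous: `description` ends with `All glance setups are affected.`, while `affected-products` lists only `versions 2015.1.0` and `notes` places the fix in 2015.1.1, so an operator on another release cannot tell from this record whether they need to act. If only 2015.1.0 deployments are meant, tighten the sentence to something like `All glance setups running 2015.1.0 are affected.`; if other releases are affected as well, list them under `affected-products`. Separately, `date: 2015-07-28` is a plain scalar that YAML 1.1 loaders resolve to a date object rather than a string, which is fine if the advisory tooling expects that and worth confirming otherwise. The nesting of the list items cannot be checked here because the indentation was lost in this rendering of the patch.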