From 7257e4adf8858aef520867ce59186457bfd8f364 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Mon, 3 Nov 2003 11:50:40 +0000
Subject: [PATCH] [SECURITY] Bug 219690: When deleting products and the 'usebuggroups' parameter is on, the privilege which allows someone to add people to the group which is being deleted does not get removed, allowing people with that privilege to get that privilege for the next group that is created which reuses that group ID. Note that this only allows someone who had been granted privileges in the past to retain them. Patch by Stefan Mayr r= justdave, joel a= justdave
---
 editproducts.cgi | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/editproducts.cgi b/editproducts.cgi
index 8ef01ebe15..4c1bb5a8c7 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -686,8 +686,9 @@ if ($action eq 'delete') {
 # I'm merely checking to make sure that the groupset is not
 # the superuser groupset in doing this update...
 SendSQL("UPDATE profiles " .
- "SET groupset = groupset - $bit " .
- "WHERE (groupset & $bit) " .
+ "SET groupset = (groupset | $bit) - $bit, " .
+ "blessgroupset = (blessgroupset | $bit) - $bit " .
+ "WHERE ((groupset & $bit) or (blessgroupset & $bit)) " .
 "AND (groupset != $::superusergroupset)");
 print "Users dropped from group '$group_desc'.
\n";
--
2.47.2
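Review bot: The `AND (groupset != $::superusergroupset)` guard in the WHERE clause now also governs the new `blessgroupset` assignment, so a row whose groupset equals the superuser groupset keeps the deleted group's bit in blessgroupset. If such an account is later given a narrower groupset, that stale bless bit would presumably carry over to the next group that reuses the bit, which is the condition this patch is meant to close. Consider clearing the bless bit in its own statement without the superuser guard, e.g. `SendSQL("UPDATE profiles SET blessgroupset = (blessgroupset | $bit) - $bit WHERE (blessgroupset & $bit)");`, and keeping the guarded statement for groupset only. A short comment such as `# (x | bit) - bit clears the bit whether or not it was set` would also explain why the arithmetic changed. The enclosing `if ($action eq 'delete')` block begins and ends outside this hunk, so how `$bit` is derived is not visible here.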