I've exchanged a few eMails with Greg, and it appears that the impact of this bug is relatively low for most CMOD customers.
It doesn't affect CMOD user passwords or CMOD stash files, but only the password for keystore databases -- if you're using CMOD with SSL/TLS (for encryption of data on-the-wire) or the new IBM CMOD encryption (for encryption of data at rest) you'll want to update the password on your keystore database after applying the latest GSKit Fixpack.
The updated version of GSKit is v8.0.50.88, but it is not publicly available yet. You must request it from support. The only exception is IBM CMOD for Windows, where GSKit is bundled with the install package.
-JD.