Your message dated Fri, 23 Jan 2026 03:48:41 +0000
with message-id <[email protected]>
and subject line Bug#1121846: fixed in gokey 0.2.0-1
has caused the Debian Bug report #1121846,
regarding gokey: CVE-2025-13353
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1121846: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121846
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gokey
Version: 0.1.2-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gokey.

CVE-2025-13353[0]:
| In gokey versions <0.2.0, a flaw in the seed decryption logic
| resulted in passwords incorrectly being derived solely from the
| initial vector and the AES-GCM authentication tag of the key seed.
| This issue has been fixed in gokey version 0.2.0. This is a breaking
| change. The fix has invalidated any passwords/secrets that were
| derived from the seed file (using the -s option). Even if the input
| seed file stays the same, version 0.2.0 gokey will generate
| different secrets.
|
| Impact
|
| This vulnerability impacts generated keys/secrets using a seed file
| as an entropy input (using the -s option). Keys/secrets generated
| just from the master password (without the -s option) are not
| impacted. The confidentiality of the seed itself is also not
| impacted (it is not required to regenerate the seed itself).
|
| Specific impact includes:
|
|   * keys/secrets generated from a seed file may have lower entropy:
|     it was expected that the whole seed would be used to generate
|     keys (240 bytes of entropy input), where in vulnerable versions
|     only 28 bytes were used
|   * a malicious entity could have recovered all passwords generated
|     from a particular seed, having only the seed file in possession,
|     without the knowledge of the seed master password
|
| Patches
|
| The code logic bug has been fixed in gokey version 0.2.0 and above.
| Due to the deterministic nature of gokey, fixed versions will
| produce different passwords/secrets using seed files, as all seed
| entropy will be used now.
|
| System secret rotation guidance
|
| It is advised for users to regenerate passwords/secrets using the
| patched version of gokey (0.2.0 and above), and provision/rotate
| these secrets into respective systems in place of the old secret. A
| specific rotation procedure is system-dependent, but most common
| patterns are described below.
|
| Systems that do not require the old password/secret for rotation
|
| Such systems usually have a "Forgot password" facility or a similar
| facility allowing users to rotate their password/secrets by sending
| a unique "magic" link to the user's email or phone. In such cases
| users are advised to use this facility and input the newly
| generated password secret, when prompted by the system.
|
| Systems that require the old password/secret for rotation
|
| Such systems usually have a modal password rotation window, usually
| in the user settings section, requiring the user to input the old
| and the new password, sometimes with a confirmation. To
| generate/recover the old password in such cases users are advised
| to:
|
|   * temporarily download gokey version 0.1.3
|     https://github.com/cloudflare/gokey/releases/tag/v0.1.3 for
|     their respective operating system to recover the old password
|   * use gokey version 0.2.0 or above to generate the new password
|   * populate the system provided password rotation form
|
| Systems that allow multiple credentials for the same account to be
| provisioned
|
| Such systems usually require a secret or a cryptographic key as a
| credential for access, but allow several credentials at the same
| time. One example is SSH: a particular user may have several
| authorized public keys configured on the SSH server for access. For
| such systems users are advised to:
|
|   * generate a new secret/key/credential using gokey version 0.2.0
|     or above
|   * provision the new secret/key/credential in addition to the
|     existing credential on the system
|   * verify that the access or required system operation is still
|     possible with the new secret/key/credential
|   * revoke authorization for the existing/old credential from the
|     system
|
| Credit
|
| This vulnerability was found by Théo Cusnir (@mister_mime
| https://hackerone.com/mister_mime) and responsibly disclosed
| through Cloudflare's bug bounty program.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-13353
    https://www.cve.org/CVERecord?id=CVE-2025-13353
[1] https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm

Regards,
Salvatore

--- End Message ---
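The mechanism the advisory describes, as an added illustration in Go that is not gokey's code: the seed file is modelled as an AES-GCM envelope nonce || ciphertext || tag, and two derivations are set side by side. The "legacy" one keys itself from the nonce and the authentication tag only, 28 bytes that sit in the clear in the file, so whoever holds the file reproduces every output without the master password; the fixed one keys itself from the decrypted 240-byte seed and fails without the password. The 240- and 28-byte figures are the advisory's; the SHA-256 key-encryption step, the HMAC-SHA256 per-realm derivation, the 12-byte nonce and the realm string "example.com" are assumptions of this example, not gokey's construction.

```go
// Added example, not gokey's code. The seed file is modelled as an AES-GCM
// envelope nonce || ciphertext || tag; the legacy derivation keys itself from
// nonce and tag only (in the clear), the fixed one from the decrypted seed.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
)

const (
	seedLen   = 240 // seed size quoted in the advisory
	nonceSize = 12  // AES-GCM standard nonce
	tagSize   = 16  // AES-GCM tag; nonce+tag = 28 bytes, the advisory's figure
)

// kek: master password -> AES-256 key. Plain SHA-256 is an assumption here.
func kek(master string) []byte {
	sum := sha256.Sum256([]byte("seed-kek:" + master))
	return sum[:]
}

func newGCM(master string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek(master))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealSeed writes the on-disk form: nonce || AES-GCM ciphertext || tag.
func sealSeed(master string, seed []byte) ([]byte, error) {
	if len(seed) != seedLen {
		return nil, fmt.Errorf("seed must be %d bytes, got %d", seedLen, len(seed))
	}
	gcm, err := newGCM(master)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, seed, nil), nil // Seal appends the tag
}

func derive(entropy []byte, realm string) []byte {
	m := hmac.New(sha256.New, entropy)
	m.Write([]byte(realm))
	return m.Sum(nil)
}

// deriveVulnerable models pre-0.2.0 behaviour: entropy is nonce plus tag,
// both readable from the file; no master password, seed body ignored.
func deriveVulnerable(sealed []byte, realm string) ([]byte, error) {
	if len(sealed) < nonceSize+tagSize {
		return nil, fmt.Errorf("seed file too short")
	}
	nonce, tag := sealed[:nonceSize], sealed[len(sealed)-tagSize:]
	return derive(append(append([]byte{}, nonce...), tag...), realm), nil
}

// deriveFixed decrypts first, so the output depends on all 240 seed bytes.
func deriveFixed(master string, sealed []byte, realm string) ([]byte, error) {
	if len(sealed) < nonceSize+tagSize {
		return nil, fmt.Errorf("seed file too short")
	}
	gcm, err := newGCM(master)
	if err != nil {
		return nil, err
	}
	seed, err := gcm.Open(nil, sealed[:nonceSize], sealed[nonceSize:], nil)
	if err != nil {
		return nil, fmt.Errorf("seed decryption failed: %w", err)
	}
	return derive(seed, realm), nil
}

func main() {
	seed := make([]byte, seedLen)
	if _, err := io.ReadFull(rand.Reader, seed); err != nil {
		panic(err)
	}
	sealed, err := sealSeed("correct horse battery", seed)
	if err != nil {
		panic(err)
	}
	// A thief holding only the file calls the same function the owner's old
	// gokey did and gets the same value; the fixed path needs the password.
	legacy, _ := deriveVulnerable(sealed, "example.com")
	fixed, _ := deriveFixed("correct horse battery", sealed, "example.com")
	_, thiefErr := deriveFixed("wrong password", sealed, "example.com")
	fmt.Println("legacy/thief:", hex.EncodeToString(legacy))
	fmt.Println("fixed       :", hex.EncodeToString(fixed))
	fmt.Println("thief vs fixed logic:", thiefErr)
}
```

The tamper check is the telling one: flipping a byte inside the encrypted seed body leaves the legacy output unchanged, because that body never enters the derivation, while the fixed path refuses the file outright. That is also why rotation is unavoidable after the upgrade: the fixed output is a different value, not a repaired one.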
--- Begin Message ---
Source: gokey
Source-Version: 0.2.0-1
Done: Matheus Polkorny <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gokey, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matheus Polkorny <[email protected]> (supplier of updated gokey package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Jan 2026 23:50:52 -0300
Source: gokey
Architecture: source
Version: 0.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Matheus Polkorny <[email protected]>
Closes: 1121846
Changes:
 gokey (0.2.0-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 0.2.0
     - Fix CVE-2025-13353 (A flaw in the seed decryption logic
       resulted in passwords incorrectly being derived solely
       from the initial vector and the AES-GCM authentication
       tag of the key seed) (Closes: #1121846)
   * d/gokey.NEWS: Add file regarding CVE-2025-13353
   * d/p/0001-Import-deterministic.patch: Remove patch applied
Checksums-Sha1:
 d165cce1279e751e5d3d4af4612f3810ac97ba2f 2205 gokey_0.2.0-1.dsc
 00bd103f11cc7c7774b264ed4ee8e13fed7ff1b2 18804 gokey_0.2.0.orig.tar.xz
 27034d57ec4681cd748541775764b3e7519f2648 4992 gokey_0.2.0-1.debian.tar.xz
 95ab671611b3405da6b2cf68055bc1c5ba6cf412 6812 gokey_0.2.0-1_amd64.buildinfo
Checksums-Sha256:
 e548962782205e4b4faca897902dc8f5a614c907db961d06f8b894de0547a1b4 2205 gokey_0.2.0-1.dsc
 8868c1a4b1c360729b886a62f86fa8d0fa3be11a405413a2c023141ad9751b58 18804 gokey_0.2.0.orig.tar.xz
 9524b933359ee1653174045a2937ad146304624edc4f160c5d44536296950b40 4992 gokey_0.2.0-1.debian.tar.xz
 e7a648f2388d364e3a4028a54b9f9778f2d5ea285038b3b4a4b0370074a37102 6812 gokey_0.2.0-1_amd64.buildinfo
Files:
 969499313bbaa505987d4cfa96198cd1 2205 utils optional gokey_0.2.0-1.dsc
 7625d6dd1e42e8b6c1ff08448053ead0 18804 utils optional gokey_0.2.0.orig.tar.xz
 7945739392efd15807e48a0d56bac276 4992 utils optional gokey_0.2.0-1.debian.tar.xz
 03bb616800985efe10459a54709eb44b 6812 utils optional gokey_0.2.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Attachment: pgpIOVjbO0uEZ.pgp
Description: PGP signature


--- End Message ---
