Package: gimp-gmic
Version: 1.7.9+zart-4
Tags: security

G'MIC automatically downloads and installs software updates from http://gmic.eu/ (yes, it's HTTP, not HTTPS). As far as I can tell, it does not verify authenticity of the update in any way. I believe a man-in-the-middle attacker could exploit this to execute arbitrary code.

--
Jakub Wilk
