3dd32aba1f
KJ: Cisco distributes the OpenH264 binaries and their MD5 hashes over HTTP. Knowing that HTTP is insecure, MD5 hashes may easily collide, and both are served over the same medium, saying that this method is ridiculous is an understatement. Take into account that these are binaries we download and execute, and we for sure do not want to turn Ruffle into a remote code execution framework. This patch changes MD5 to SHA256 in order to increase security and protect our users from attacks resulting from this vulnerability. Co-authored-by: Kamil Jarosz <kjarosh256@gmail.com> |
||
---|---|---|
.. | ||
external | ||
software | ||
src | ||
Cargo.toml |