liangsheng8708
/
ruffle
mirror of https://mirror.ghproxy.com/https://github.com/ruffle-rs/ruffle.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ruffle/video
History
Dexter Gerig 3dd32aba1f video: Check OpenH264 library downloads with SHA256 instead of MD5 
KJ:
Cisco distributes the OpenH264 binaries and their MD5 hashes over HTTP.
Knowing that HTTP is insecure, MD5 hashes may easily collide,
and both are served over the same medium, saying that
this method is ridiculous is an understatement.

Take into account that these are binaries we download and execute, and
we for sure do not want to turn Ruffle into a remote code execution framework.

This patch changes MD5 to SHA256 in order to increase security
and protect our users from attacks resulting from this vulnerability.

Co-authored-by: Kamil Jarosz <kjarosh256@gmail.com>
 		2024-08-12 19:12:04 +02:00
..
external video: Check OpenH264 library downloads with SHA256 instead of MD5 2024-08-12 19:12:04 +02:00
software video: Add `configure_video_stream_decoder` to the `VideoBackend` trait 2024-05-30 20:22:33 +02:00
src video: Add `configure_video_stream_decoder` to the `VideoBackend` trait 2024-05-30 20:22:33 +02:00
Cargo.toml chore: Use workspace version for thiserror 2024-04-04 17:29:00 +02:00