A vulnerability was found in Calibre. It was found that a javascript present in the book can access files on the computer using XMLHttpRequest. Upstream patch: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c Upstream bug: https://bugs.launchpad.net/calibre/+bug/1651728
Created calibre tracking bugs for this issue: Affects: fedora-all [bug 1417557]
CVE assignment: http://seclists.org/oss-sec/2017/q1/242
A fix for this CVE was merged in Calibre on 21/12/2016 and became part of version 3.1.1. https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c
If the fix was merged in Calibre 3.1.1, then we can probably close this ticket, right? 3.1.1 was a while ago.