Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written
in Ruby, which could allow a remote attacker to delete arbitrary files
which are writable to the Hiki user, via a specially crafted session
parameter.
For the stable distribution (etch), this problem has been fixed in version
0.8.6-1etch1.
For the unstable distribution (sid) this problem has been fixed in version
0.8.7-1.
We recommend that you upgrade your hiki package.