We just released diaspora* version 0.6.4.1 which fixes a possible Remote Code Execution (CVE-2016-4658) and a possible DoS (CVE-2016-5131) by updating Nokogiri, which in turn updates libxml2.
Updating
Please update as soon as possible. Update instructions are available as usual in the wiki.