I'm no cli pro so I bet this is an easy question.

For PCI compliance, according to this url http://www.ubuntu.com/usn/usn-2276-1/, for Ubuntu 13.10 I need php5-cgi 5.5.3+dfsg-1ubuntu2.6.

when I do
dpkg-query --show php5-cgi
it returns:
php5-cgi

which I assume means I'm not on the version require to patch this vulnerability. Yet
sudo apt-get upgrade
shows nothing to upgrade.

what am I doing wrong?

Hello and Welcome

If using 13.10 it is no longer supported and the repository is not available.

how quickly time flies! It seems like just yesterday I installed this long term support package. Well, thanks for the answer!

apt-cache policy php5-cgi