I closed #815840 with the upload that fixed CVE-2012-6687, but Tianon
rightly suggests that the best solution would be to use libfcgi-dev and
ignore the bundled version of libfcgi.
This doesn't seem to be so simple, though; he is running into undefined
symbols, and I noticed that the RCS version header for os_unix.c is
_newer_ in libfcgi-perl than what's in libfcgi-dev. Plus libfgi upstream
seems dead as in "after many quiet years, the mailing list address