Not in this case.
People who use PHP 4.4.4 for stability reasons have not been offered a security update, and need to patch PHP manually.
PHP 5.1 was dumped, and people who wanted the latest security fixes had to upgrade to 5.2 or roll their own security fixes.
Perhaps this is hard to believe if -- as is evidently your situation -- you aren't in a position where you have to pay attention to security updates of core modules such as PHP, but trust me, this is
a core problem with PHP, and no, your mileage does not vary.
If you, however, should be in the situation where you need to administer computers and maintain software, Secunia
is one of several pretty decent sources for disclosed vulnerabilities.
Here's the writeup for the htmlentities() and htmlspecialchars() remote system access vulnerability in all
versions prior to 5.2.0:http://secunia.com/advisories/22653/
There are also two currently unpatched but disclosed vulnerabilities:http://secunia.com/product/5768/?task=advisories
We expect to see a whole lot more disclosed vulnerabilities in January.