That would break lots of tools as it requires extra dependencies so it is not something that would could in stable versions.
Btw, I do not believe that "it would require end users to install autotools and bison in order to compile PHP from tarballs" is valid reason to delay the patching of a serious attack vector ASAP.
Regards, Daniil Gentili.
