I've now reported the bug upstream, and asked the upstream whether they consider that the information needs to remain private until a fix. My main worry is that people will send the byte sequence in question to IRC channels or similar places particularly likely to echo all text received into a terminal, or inject the byte sequence in question into a log file, thus making the terminal unusable and pegging a CPU core of the system. If you feel those consequences are sufficiently small that the risk of making the bug report public is worth it, then I have no objection to making the bug public. Otherwise, it's likely best to wait to hear what upstream has to say.
I've now reported the bug upstream, and asked the upstream whether they consider that the information needs to remain private until a fix. My main worry is that people will send the byte sequence in question to IRC channels or similar places particularly likely to echo all text received into a terminal, or inject the byte sequence in question into a log file, thus making the terminal unusable and pegging a CPU core of the system. If you feel those consequences are sufficiently small that the risk of making the bug report public is worth it, then I have no objection to making the bug public. Otherwise, it's likely best to wait to hear what upstream has to say.