A vulnerability has been found and corrected in vte:

The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
allows remote attackers to execute arbitrary commands or obtain
potentially sensitive information via a (1) window title or (2) icon
title sequence. NOTE: this issue exists because of a CVE-2003-0070
regression (CVE-2010-2713).

The updated packages have been patched to correct this issue.