Given that most of those users will not be capable of patching it directly, no, that seems like it would be irresponsible.

Why not? Only a tiny fraction of curl user get it from the upstream website/repo. Most users get curl/libcurl from their OS/application vendor or package manager, all of them having their own maintainers. There is no reason a temporary patch couldn't be produced by them in the meantime.