Yikes: A backdoor in xz, after 3 years of social engineering and a bunch of sock puppet accounts to gain maintainer access. 😱

This line is particularly interesting. I wonder if oss-fuzz could mitigate this by requiring reports to go to multiple places? Hard to verify independence, though.

…
2023-03-20: Jia Tan updates Google oss-fuzz configuration to send bugs to them.
…