my understanding is that fuzzing "caught" the issue by crashing with ifunc disabled

but it wouldn't have "caught" the backdoor which uses public key cryptography

Did the artefact produced [0] for fussing even include the backdoored .so? My understanding was that the compromised build-scripts had measures to only run when producing deb/rpms.

https://github.com/google/oss-fuzz/blob/5f70676a6c9050b9cb68...