Did the artefact produced [0] for fussing even include the backdoored .so? My understanding was that the compromised build-scripts had measures to only run when producing deb/rpms.

https://github.com/google/oss-fuzz/blob/5f70676a6c9050b9cb68...