Hacker News

tokyobreakfast, today at 5:37 PM

> and it was caught luckily at the last minute

This isn't correct at all. The changes were merged into xz and made it into testing branches of major Linux distros.

It was caught at T plus a few minutes only because a neurotic Microsoft employee performing debugging noticed an obscure performance issue.

You can literally say Microsoft saved Linux that day. Imagine thinking this 25 years ago.

It's the difference between something really bad which happened, and something really, really, really, really bad: a malicious actor having RCE credentials to every new Debian and Red Hat box on planet Earth.


Replies

ApolloFortyNine, today at 5:48 PM

Red Hat actually stumbled on the bug separately with valgrind errors triggering, so its days were likely numbered regardless. Probably saved them a lot of debugging but the writing was on the wall.
