
Comment by charcircuit

15 days ago

CVE-2008-0166: a maintainer added a security bug to OpenSSL, and it was distributed to many machines, resulting in many weak SSH keys being generated. Between OpenSSL releasing their library and it making its way to end users' machines, a security vulnerability was injected.

That was literally before the first production Android phone became available. Does not seem to be a particularly common occurrence. Though due to the current world situation, supply chain attacks might admittedly become more common.