I believe it was a few months ago that a trusted 2-year linux kernel submitter sabotaged the distributions. Pardon the lack of hard details, but IIRC, 10% of the distribution base subject to regular patching suffered the exploit. Corrective patches were available within ~12 hours. A related article appeared in the The Register. BTW, the take away concerned the pros & cons of Open Source where the pros outweighed the cons.