Yep, that was the infamous XZ Utils issue, NVD - CVE-2024-3094. It used both an opaque binary blob in a test file and only activated it through some build systems (and required a malicious actor years to build trust and maintainership).
Yggdrasil actually built an XZ with the exploit code, but it wasn’t activated on that build system. PSA: backdoor in xz-utils and relevance for the Julia ecosystem