@sjvn read the long thread at the Arch bugzilla if they were affected or not, seems they got to the conclusion that they don't use the tarball but pull directly from the git.
Yeah, it was a "clever" work to infect Linux distributions, kind of brings my mind to the ms win98se with preinstalled virus.
Here is a site that claims to check your binary if it's affected (don't have a known version that was affected so can't confirm):