It looks like git clone https://git.tukaani.org/xz.git still works for now (note: you will obviously be cloning malware if you do this) - that is, however, trusting the project infrastructure that compromised maintainers could have had access to, so I'm not sure if it is unmodified.
HEAD (git rev-parse HEAD) on my result of doing that is currently 0b99783d63f27606936bb79a16c52d0d70c0b56f, and it does have commits people have referenced as being part of the backdoor in it.
That was me. I'm part of ArchiveTeam and Software Heritage and I'm one of the Debian sysadmins, the latter got some advanced notice. I figured archives of xz related stuff would be important once the news broke, so I saved the xz website and the GitHub repos. I regret that I didn't think to join the upstream IRC channel and archive the rest of the tukaani.org domain, nor archive the git.tukaani.org repos. Been archiving links from these threads ever since the news broke.
HEAD (git rev-parse HEAD) on my result of doing that is currently 0b99783d63f27606936bb79a16c52d0d70c0b56f, and it does have commits people have referenced as being part of the backdoor in it.