Here is how I did it :
Get a list of installed packages originating from AUR using 'yay' :
yay -Qam > packages_aur.last
curl https://md.archlinux.org/s/SxbqukK6IA/download > compromised.txt
grep -wFf compromised.txt packages_aur.last
Thank you for this! I only had two on my system, thank goodness. I have uninstalled both.
libgdata 0.18.1-5 qt5-3d 5.15.18-1
Have you checked the install date? I'm not sure which are the compromised version numbers, but if they were installed before June 10 you're probably safe. (I think libgdata 0.18.1-5 used to be on the main repos in February, and has recently been downgraded to AUR, so you may be fine).
Only packages from AUR have been compromised, meaning a normal update `pacman -Syu` won't install them, they'll only be installed by `makepkg` or AUR helpers (such as `paru`, which asks you to review the PKGBUILD diff).
Also, if you had installed a compromised version, uninstalling the packages is not enough, you'd probably need to reinstall your system and rotate all credentials. More info here and on the linked blog: https://discourse.ifin.network/t/400-aur-packages-compromise...