I thought Arch was the only rolling distro that doesn't have the backdoor. Its sshd is not linked with liblzma, and even if it were, they compile xz directly from git so they wouldn't have gotten the backdoor anyway.
The extent of the exploit is still being analyzed so I would update and keep your eye on the news. If you don't need your computer you could always power down.