Rather unlikely. The bad actor never had access to git.tukaani.org, and the sshd version running on that host is:

    SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u3

That is, a stable Debian release. Definitely not one with liblzma5:5.6.x