From your linked posting:
[…] releasing an update with the backdoor code removed (xz 5.6.1-2) […]
They don’t have a 5.6.2 version, they’ve patched 5.6.1 to exclude some of the exploit code.
10 days for a high security risk
At the moment there doesn’t seem to be a security risk on NixOS (similar to what OpenMandriva pointed out). The exploit was included during build-time. If you want to be extra safe you could move away from -unstable to 2311, which in general includes security fixes quicker than unstable (and doesn’t contain this CVE in particular).