We no longer believe the « git.php.net » server has been compromised. However, it is possible that the master.php.net user database leaked

On March 28, unidentified actors used the names of Rasmus Lerdorf and Popov to push malicious commits to the « php-src » repository hosted on the git.php.net server that involved adding a backdoor to the PHP source code in an instance of a software supply chain attack.

https://news-web.php.net/php.internals/113981