I've started to take a look at the binary that was uploaded - it seems it wasn't just Gitea that got hit by this, but also https://github.com/opencompany/www.opencompany.org which too has a strange release associated with the repository.
Far as I know, no. Asked this question on the issue page. Really want to find out as I have at least one server that could have been affected. Kind of frustrating that this is all the information there is.
> Most of go-gitea organization repositories new release&tag was created with name 0 and added install.exe binary (13KB in size) to that release that was malicious (from our analysis contained crypto currency miner)
My findings as they go are being shoved into a blog post: https://grh.am/2018/a-look-at-the-compromised-gitea-release/