
What were the actual fixes like?


There is a link to the GitHub commit in the "Notes" section for each CVE [1].

[1]: https://security-tracker.debian.org/tracker/source-package/r...


Well, doesn't seem the issue would have been avoidable other than with "harder thinking" or better testing or something like that.

Maybe model checkers could be used, but perhaps the search space is too large for all the features, and keeping the source in sync with the model could be quite fragile. And who knows, maybe the model would have the same issue.


Sudo is overcomplicated and since this is a drop-in replacement, it inherits all the complexities.



