Merge pull request #441 from envoyproxy/auto-merge-release-v1-34

auto-merge envoyproxy/envoy[release/v1.34] into envoyproxy/envoy-openssl[release/v1.34]

Author: github-actions[bot]

changelogs/current.yaml

@@ -8,6 +8,14 @@ minor_behavior_changes:
 
 bug_fixes:
 # *Changes expected to improve the state of the world and are unlikely to have negative effects*
+- area: dns
+  change: |
+    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+
+    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+
+    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
+
 
 removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`

changelogs/summary.md

@@ -0,0 +1,12 @@
+**Summary of changes**:
+
+* Security updates:
+
+  Resolve dependency CVEs:
+  - c-ares/CVE-2025-0913:
+      Use after free can crash Envoy due to malfunctioning or compromised DNS.
+
+While a potentially severe bug in some cloud environments, this has limited exploitability
+as any attacker would require control of DNS.
+
+Envoy advisory is here https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f