In addition to the fix for CVE-2013-0169, PolarSSL 1.2.5 corrects the following problem: "PolarSSL ... The code does not sanity check padlen before running the padding check, meaning that out-of-bounds comparisons may be made" (a possible denial-of-service issue for some applications)
Created polarssl tracking bugs for this issue Affects: fedora-all [bug 907982]