See also https://polarssl.org/tech-updates/releases/polarssl-1.2.6-released and https://polarssl.org/tech-updates/releases/polarssl-1.1.6-released (if 1.1.x is still maintained in Gentoo)
Thank you for the report, Manuel.
Version 1.2.8 just added, which also fixes the following DoS: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03
Added to existing GLSA draft.
This issue was resolved and addressed in GLSA 201310-10 at http://security.gentoo.org/glsa/glsa-201310-10.xml by GLSA coordinator Sergey Popov (pinkbyte).