See also https://polarssl.org/tech-updates/releases/polarssl-1.2.6-released and https://polarssl.org/tech-updates/releases/polarssl-1.1.6-released (if 1.1.x is still maintained in Gentoo).
Thank you for the report, Manuel.
Version 1.2.8 just added, which also fixes the following DoS:
Added to existing GLSA draft.
This issue was resolved and addressed in
GLSA 201310-10 at http://security.gentoo.org/glsa/glsa-201310-10.xml
by GLSA coordinator Sergey Popov (pinkbyte).