On December 8th it was announced that the so-called POODLE attack against the SSL 3.0 protocol actually affects some implementations of TLS 1.0, 1.1 and 1.2.
Contrary to the original Poodle-against-SSL attack, the Poodle-against-TLS attack does not rely on a design flaw in the protocol, but on a bug in some implementations, which incorrectly chose to reuse their SSL 3.0 implementation of padding for TLS 1.0 and higher.
PolarSSL implements the relevant RFCs properly, so it is not affected by this issue. Users running PolarSSL on both ends of the connection are not vulnerable to the Poodle-against-TLS attack.
Users running PolarSSL on one end and a vulnerable implementation (so far only some F5 and A10 devices are known to be vulnerable) on the other end, might be affected. See our previous post on POODLE for more details on the scope of the attack and possible counter-measures. Obviously the best fix is to get the other end to patch their implementation.