The RSA blinding method introduced in PolarSSL 1.2.9 was not thread-safe. PolarSSL 1.2.10 uses a slower, but thread-safe version of blinding the RSA private operation.
A memory leak in RSA blinding has been fixed in addition to the Microsoft Visual Studio (MSVC) project files we deliver with our source code.
Who should update
Our advice for users of the PolarSSL 1.2 branch is to update!
Get your copy here: polarssl-1.2.10-gpl.tgz
The hashes for polarssl-1.2.10-gpl.tgz are:
SHA-1 : ff4a75581359fe5b01aa2910bb27168a8e31800b SHA-256: b45a06b2fdeb0833970e6fb69bc331f2757a1b7e85537b02c1f169434ed888fa