As far as I know PR 1.3.1 is really just a security update imposed by the Diginotar breach. It removes the compromised DigiNotar root CA and more importantly adds blacklisting for the intermediate signing certificates of DigiNotar based on other CAs.
However, the CSSU included the same fixes already in September. I think it was a decent move from Nokia to provide this update but at this time and age the CSSU just is better. The latest CSSU update includes a couple of new blacklisted certificates owned and misused by the agricultural ministry of Malesia (Digisign*Enrich), strictly following Mozilla.
CSSU is compatible with both PR 1.3 and 1.3.1. AFAIK no more upgrades coming from Nokia so I heartly recommend enabling CSSU.