It was discovered that the default installation of www-servers/nginx on Gentoo sets similar problematic permissions like Debian on "/var/log/nginx" and is therefore vulnerable to the same potentially root privilege escalation described in CVE-2016-1247 [1]. [1] https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
Fixed ebuilds are now in repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e9a4ebc9ca7bb35814cacf85c9a28cdab6fdf9f @ Arches, please test and mark stable: =www-servers/nginx-1.10.2-r3
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Cleaned up via 688c54e5f570cfe816f69f5452817a320427474a New GLSA request filed.
This issue was resolved and addressed in GLSA 201701-22 at https://security.gentoo.org/glsa/201701-22 by GLSA coordinator Aaron Bauman (b-man).