It was discovered that the default installation of www-servers/nginx on
Gentoo sets similar problematic permissions like Debian on "/var/log/nginx"
and is therefore vulnerable to the same potentially root privilege
escalation described in CVE-2016-1247 .
Fixed ebuilds are now in repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e9a4ebc9ca7bb35814cacf85c9a28cdab6fdf9f
please test and mark stable: =www-servers/nginx-1.10.2-r3
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Cleaned up via 688c54e5f570cfe816f69f5452817a320427474a
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201701-22 at https://security.gentoo.org/glsa/201701-22
by GLSA coordinator Aaron Bauman (b-man).