web/security: use same length git hash for CVE-2017-14171