Because they aren't actually releasing a package for 1.0.1g.
Remember that the idea for the LTS releases is that as little as possible is changed ("stable") over a period of several years ("long term"). Upgrading to new versions of packages with new bugs^Wfeatures has the very real possibility of "breaking" stable environments.
Instead of doing that, they simply incorporate the patch/fix into the version of the software that the release shipped with. They can't, then, call it 1.0.1g because, well, it's not -- it is, for example, 1.0.1c with this patch applied.
It's for that reason that you can't trust the version numbers on the packages themselves.
(Several years ago, I would get really pissed off at Nessus because it generated false positives by simply looking at the version numbers of installed packages. These were scans of RHEL boxes as part of PCI and it caused a lot of extra work. I've no idea if Nessus still does that or not but I'm sure other, similar software does the same thing.)
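An added example, not part of the original comment: a version-only check beside a backport-aware check, showing how the false positive described above arises. The package records, the `-1exampleN` revision suffixes and the `CVE-XXXX-NNNN` placeholder are constructed for illustration.

```python
import re

FIXED_UPSTREAM = "1.0.1g"   # upstream release named in the comment above
FIX_ID = "CVE-XXXX-NNNN"    # placeholder: the comment does not name the fix

# Constructed package records (not real distro data): the package version
# string plus the distro changelog text a package manager would report.
PACKAGES = [
    {"host": "lts-patched", "version": "1.0.1c-1example2",
     "changelog": "* backport upstream fix for CVE-XXXX-NNNN\n* initial build"},
    {"host": "lts-unpatched", "version": "1.0.1c-1example1",
     "changelog": "* initial build"},
    {"host": "rolling", "version": "1.0.1g-1example1",
     "changelog": "* new upstream release 1.0.1g"},
]

def upstream_key(version):
    """Return a sortable key for the upstream part, e.g. '1.0.1c-...' -> (1, 0, 1, 'c')."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def naive_vulnerable(pkg):
    """What a version-only scanner concludes: older than the fixed upstream release."""
    return upstream_key(pkg["version"]) < upstream_key(FIXED_UPSTREAM)

def backport_aware_vulnerable(pkg):
    """Flag only when the version is old AND the changelog does not record the fix."""
    return naive_vulnerable(pkg) and FIX_ID not in pkg["changelog"]

def false_positives(packages):
    """Hosts the version-only check flags although the fix was backported."""
    return [p["host"] for p in packages
            if naive_vulnerable(p) and not backport_aware_vulnerable(p)]

if __name__ == "__main__":
    for p in PACKAGES:
        print(p["host"], p["version"],
              "naive:", naive_vulnerable(p),
              "backport-aware:", backport_aware_vulnerable(p))
    print("false positives:", false_positives(PACKAGES))
```

On RPM-based systems the changelog text is what `rpm -q --changelog <package>` prints; the distribution's own security advisories remain the authoritative record of which package revision carries a fix.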