Comment 0 for bug 1969856

While investigating a potentially compromised system, I ran `bash --version` and got the following:

`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`

Disquieting, given that I had just installed a package named `bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and, upon extracting it, checked its hash (SHA256) against the instance on my path. They were the same (`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`).

Why is the version reported by the binary different from the version used to denote the package?