modsecurity_crs_10_config.conf sets SecServerSignature to a "Fedora" branded value - it's better to set this to just plain "Apache".
This setting was nuked in the stock config around 2.5.11ish, so it's no longer a bug.