The vendor-sec list is where distributors discuss security problems which have not yet been disclosed to the public. It turns out that the machine which hosts this list was compromised, probably in January, and any subsequent traffic was not as secret as participants may have hoped. Since the announcement, the machine has been totally vandalized by the attacker, and vendor-sec is down. The thread is interesting to read; much of it concerns whether the community still needs a closed list like vendor-sec or not.
Read more at LWN
