Security advisories are issued by CERT (The Computer Emergency Response Team).
Discussion of Unix-related security issues go on in the comp.security.unix newsgroup.
sendmail related security problems in the sendmail implementation should be sent to sendmail-security-YYYY@support.sendmail.org (replace YYYY with the current year, e.g., 2005). The sendmail-security address is only for reporting security problems in sendmail. Please consider using PGP, the public key is available in the file PGPKEYS of the sendmail distribution. The KeyID is 0x16F4CCE9 and the fingerprint is 18 A4 51 78 CA 72 D4 A7 ED 80 BA 8A C4 98 71 1D. Please DO NOT use this address to report problems that are not related to the security of the sendmail server. Questions about stopping spam, how to set up your own certificate authorities, etc. should be asked in comp.mail.sendmail. Also, don't bother telling us that you can forge mail by using telnet to port 25. This is a fundamental part of the Internet design for SMTP, not a sendmail problem.