schema/v5.0: require at least one English-language description

Per CNA rules, descriptions must contain at least one English-language description,
which we take to mean a BCP 47 language tag beginning with "en".

Fixes #112.

Author: rsc

schema/v5.0/CVE_JSON_5.0.schema

@@ -739,13 +739,22 @@
             ],
             "additionalProperties": false
         },
+        "englishLanguageDescription": {
+            "type": "object",
+            "description": "A description with lang set to an English language (en, en_US, en_UK, and so on).",
+            "properties": {"lang": {"$ref": "#/definitions/englishLanguage"}},
+            "required": ["lang"]
+        },
         "descriptions": {
             "type": "array",
             "description": "A list of multi-lingual descriptions of the vulnerability. E.g., [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]. OR [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] [ROOT CAUSE], which allows [ATTACKER] to [IMPACT] via [VECTOR].",
             "minItems": 1,
             "uniqueItems": true,
             "items": {
                 "$ref": "#/definitions/description"
+            },
+            "contains": {
+                "$ref": "#/definitions/englishLanguageDescription"
             }
         },
         "problemTypes": {
@@ -1028,6 +1037,11 @@
             "default": "en",
             "pattern": "^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"
         },
+        "englishLanguage": {
+            "type": "string",
+            "description": "BCP 47 language code, language-region, required to be English",
+            "pattern": "^en([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$"
+        },
         "taxonomyMappings": {
             "type": "array",
             "description": "List of taxonomy items related to the vulnerability",