The newentry target accepts an optional parameter CVE_ID. When
provided, the newentry.sh scripts tries to retrieve information from the NVD and
MITRE databaseis and fill the template accordingly.
Althoug it breaks the style in the script, I used the `$()` syntax in favor of
backtics.
The script needs `textproc/jq` and warns the user and exists if it is not found:
```
$ make newentry CVE_ID=CVE-2022-39282
textproc/jq is needed for CVE automatic entry fill
*** Error code 1
```
How to use it:
`make newentry CVE_ID=CVE-2022-39282`
creates the following entry:
```
<vuln vid="7a2f7b82-b9d7-11ed-9818-dcfe074bd614">$
<topic>freerdp -- RDP client: Read of uninitialized memory with parallel port redirection</topic>$
<affects>$
<package>$
>>>>>>>><name>freerdp</name>$
>>>>>>>><range><lt>2.8.1</lt></range>$
</package>$
</affects>$
<description>$
<body xmlns="http://www.w3.org/1999/xhtml">$
>>>>>>>><p>SO-AND-SO reports:</p>$
>>>>>>>><blockquote cite="https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1">$
>>>>>>>> <p>FreeRDP is a free remote desktop protocol library and clients.$
>>>>>>>>FreeRDP based clients on unix systems using `/parallel` command$
>>>>>>>>line switch might read uninitialized data and send it to the server$
>>>>>>>>the client is currently connected to. FreeRDP based server$
>>>>>>>>implementations are not affected. Please upgrade to 2.8.1 where$
>>>>>>>>this issue is patched. If unable to upgrade, do not use parallel$
>>>>>>>>port redirection (`/parallel` command line switch) as a workaround..</p>$
>>>>>>>></blockquote>$
</body>$
</description>$
<references>$
<cvename>CVE-2022-39282</cvename>$
<url>https://nvd.nist.gov/vuln/detail/CVE-2022-39282</url>$
</references>$
<dates>$
<discovery>2022-10-12</discovery>$
<entry>2023-03-03</entry>$
</dates>$
</vuln>$
```
If used without the `CVE_ID` parameter, it generates the same output as before.
Note that this is just a helper. *YOU HUMAN* have to check that the information
is correct.