[HIGH] Saving user accounts can sometimes grant the user all roles

PKSA-dftb-k553-yc5x CVE-2016-6211 GHSA-frqf-9qr4-6vxf

Affected package: drupal/core

Affected version: >=8.0,<8.1.0|>=8.1.0,<8.1.3

Reported by:
FriendsOfPHP/security-advisories, GitHub