[HIGH] Saving user accounts can sometimes grant the user all roles

PKSA-vf9k-szc7-mht3 CVE-2016-3169 GHSA-q3p9-8728-wq7x

Affected package: drupal/core

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub