diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes
index 1c2b076..9cc16a5 100644
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jul 28 09:17:35 UTC 2017 - chris@computersalat.de
+
+- fix for boo#1050980
+  * replace mcrypt with openssl, see
+    https://github.com/phpseclib/phpseclib/issues/1028
+- update changes (update to 4.6.6 (2017-01-23))
+  * add missing (CVE-Not yet available) CVE's
+
 -------------------------------------------------------------------
 Sat Jul 22 08:03:55 UTC 2017 - ecsos@opensuse.org
 
@@ -276,25 +285,25 @@ Wed Jan 25 22:12:33 UTC 2017 - chris@computersalat.de
   * PMASA-2016-44 (CVE-2016-6621, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2016-44/
     - Multiple vulnerabilities in setup script
-  * PMASA-2017-1 ( CVE-Nya, CWE-661)
+  * PMASA-2017-1 (CVE-2017-1000013, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-1/
     - Open redirect
-  * PMASA-2017-2 ( CVE-2015-8980, CWE-661)
+  * PMASA-2017-2 (CVE-2015-8980, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-2/
     - php-gettext code execution
-  * PMASA-2017-3 ( CVE-Nya, CWE-661)
+  * PMASA-2017-3 (CVE-2017-1000014, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-3/
     - DOS vulnerabiltiy in table editing
-  * PMASA-2017-4 ( CVE-Nya, CWE-661)
+  * PMASA-2017-4 (CVE-2017-1000015, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-4/
     - CSS injection in themes
-  * PMASA-2017-5 ( CVE-Nya, CWE-661)
+  * PMASA-2017-5 (CVE-2017-1000016, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-5/
     - Cookie attribute injection attack
-  * PMASA-2017-6 ( CVE-Nya, CWE-661)
+  * PMASA-2017-6 (CVE-2017-1000017, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-6/
     - SSRF in replication
-  * PMASA-2017-7 ( CVE-Nya, CWE-661)
+  * PMASA-2017-7 (CVE-2017-1000018, CWE-661)
     https://www.phpmyadmin.net/security/PMASA-2017-7/
     - DOS in replication status
 - remove obsolete phpMyAdmin-12757_sql_syntax_errror.patch
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index 611fed9..3b1a335 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -57,8 +57,8 @@ Requires:       php-gettext
 Requires:       php-iconv
 Requires:       php-json
 Requires:       php-mbstring
-Requires:       php-mcrypt
 Requires:       php-mysql
+Requires:       php-openssl
 Requires:       php-session
 Requires:       php-zlib
 # FIXME: use proper Requires(pre/post/preun/...)
@@ -68,6 +68,9 @@ PreReq:         pwgen
 PreReq:         sed
 Recommends:     php5-curl
 Recommends:     php5-zip
+### will be removed with php >= 7.2
+## boo#1050980
+Suggests:       php-mcrypt
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %if 0%{?suse_version} > 1020