Bug #48031 mysql_secure_installation -- bash bug regarding passwords with special chars
Submitted: 14 Oct 2009 0:33
Modified: 12 Mar 2010 15:43
Reporter: C Anthony Risinger
Status: Closed
Category: MySQL Server: Installing
Severity: S3 (Non-critical)
Version: 5.0, 5.1
OS: Any
Assigned to: Timothy Smith
CPU Architecture: Any
Tags: install, mysql_secure_installation

[14 Oct 2009 0:33] C Anthony Risinger
Description:
I ran:

/usr/bin/mysql_secure_installation

just after installing, and set a password with a $ sign and a # sign. After updating, the script failed with an auth error:

Set root password? [Y/n] y
New password:             
Re-enter new password:    
Password updated successfully!
Reloading privilege tables..  
 ... Success!                 

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for    
them.  This is intended only for testing, and to make the installation 
go a bit smoother.  You should remove them before moving into a        
production environment.                                                

Remove anonymous users? [Y/n] y
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
 ... Failed!

How to repeat:
1) run /usr/bin/mysql_secure_installation
2) set a root password with a $ or # (it was probably the $ that did it)
3) try to continue

Suggested fix:
In /usr/bin/mysql_secure_installation, change line 50 from:

    echo "password=$rootpass" >>$config

to:

    echo "password='$rootpass'" >>$config

Just adding single quotes around $rootpass fixed this issue for me.
[14 Oct 2009 3:27] Valeriy Kravchuk
Thank you for the problem report and fix suggested.
[30 Oct 2009 22:16] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/88817

2834 Timothy Smith	2009-10-30
      Bug#48031: mysql_secure_installation -- bash bug regarding passwords with
      special chars
      
      This script failed when the user tried passwords with multiple spaces, \, # or
      ' characters.  Now proper escaping and quoting is used in all contexts.
[30 Oct 2009 23:31] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/88819

2835 Timothy Smith	2009-10-30
      Bug#48031: mysql_secure_installation -- bash bug regarding passwords with
      special chars
      
      Fix the escaping / quoting problem in the Perl version of this script, too.
      The Perl version is packaged with the Windows binaries and suffered from
      most of the same problems as the sh version.
[30 Oct 2009 23:35] Timothy Smith
Both of the previous two commits are relevant here; one fixes the Bourne shell script, the second fixes the Perl script.
[2 Nov 2009 9:19] Bjørn Munch
OK, perhaps you should explain exactly what basic_single_escape does, esp. the sh version is a bit cryptic. :-)

Also, what's that commented-out sed line appearing twice?
[3 Nov 2009 10:14] Joerg Bruehe
I don't yet understand the shell version of "basic_single_escape".
To me, the square brackets for the character class look unbalanced,
and the nesting of single and double quotes seems not to fit into a character class.

The Perl version looks correct;
using a character class with a single element (the escaped single quote) might be overkill but allows future expansion should it be needed.
[3 Nov 2009 10:22] Bjørn Munch
Comment to last comment: that character class actually consists of backslash and single quote, the quote is not escaped in this context.
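
Added example (not the committed patch and not the project's code): a sketch of the escaping discussed in the comments above, where every backslash and single quote is backslash-escaped before the password is written as a single-quoted option-file value. The function names and the sample password are made up for illustration, and the sketch assumes the option-file reader accepts single-quoted values with \\ and \' escapes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not the project's code.

# Backslash-escape every \ and ' so the value can sit inside single quotes.
# sed receives:  s/[\\']/\\&/g   (inside [...] the backslash is literal,
# so the class holds exactly two characters: backslash and single quote)
escape_single_quoted() {
    printf '%s\n' "$1" | sed "s/[\\\\']/\\\\&/g"
}

# Reverse of the above, used here only to check the round trip.
unescape_single_quoted() {
    printf '%s\n' "$1" | sed 's/\\\(.\)/\1/g'
}

# Build the option-file line. printf is used instead of echo because some
# sh "echo" implementations rewrite backslash sequences in their argument.
password_line() {
    printf "password='%s'\n" "$(escape_single_quoted "$1")"
}

# Write a temporary option file (mktemp creates it owner-only) and print
# its path. The [client] layout is an assumption for this sketch.
write_client_cnf() {
    cnf=$(mktemp "${TMPDIR:-/tmp}/client-cnf.XXXXXX") || return 1
    { printf '[client]\nuser=root\n'; password_line "$1"; } >"$cnf"
    printf '%s\n' "$cnf"
}

# Constructed sample password: $, two spaces, #, backslash and single quote.
sample='pa$$  w#rd\x'"'"'q'
```

Without the quotes, a # in the value starts a comment in the option file, so the client would read a shorter password than the one just set on the server.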
[3 Nov 2009 20:53] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/89222

2836 Timothy Smith	2009-11-03
      Bug#48031: mysql_secure_installation -- bash bug regarding passwords with
        special chars
      
      This script failed when the user tried passwords with multiple spaces, \, # or
      ' characters.  Now proper escaping and quoting is used in all contexts.
      
      This problem occurs in the Perl version of this script, too, so fix it in both
      places.
[3 Nov 2009 21:05] Bjørn Munch
I'm OK with this now.
[4 Nov 2009 9:29] Joerg Bruehe
The comments are very helpful - approved.
[2 Dec 2009 8:00] Bugs System
Pushed into 5.0.89 (revid:joro@sun.com-20091202075830-mzl79q7mc1v72pf1) (version source revid:timothy.smith@sun.com-20091104210831-snletv3dgukwjq64) (merge vers: 5.0.88) (pib:13)
[2 Dec 2009 8:03] Bugs System
Pushed into 5.1.42 (revid:joro@sun.com-20091202080033-mndu4sxwx19lz2zs) (version source revid:kristofer.pettersson@sun.com-20091109223504-xvwgsdqiyuve6frt) (merge vers: 5.1.41) (pib:13)
[2 Dec 2009 14:37] MC Brown
A note has been added to the 5.0.89 and 5.1.42 changelog:

When running mysql_secure_installation, the command would fail if the root password contained multiple spaces, \, # or quote characters.
[16 Dec 2009 8:40] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091216083311-xorsasf5kopjxshf) (version source revid:alik@sun.com-20091214191830-wznm8245ku8xo702) (merge vers: 6.0.14-alpha) (pib:14)
[16 Dec 2009 8:47] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091216082430-s0gtzibcgkv4pqul) (version source revid:alexey.kopytov@sun.com-20091124081906-6pqi7e7sajimog71) (merge vers: 5.5.0-beta) (pib:14)
[16 Dec 2009 8:54] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20091216083231-rp8ecpnvkkbhtb27) (version source revid:alik@sun.com-20091212203859-fx4rx5uab47wwuzd) (merge vers: 5.6.0-beta) (pib:14)
[17 Dec 2009 10:53] MC Brown
Changelog entries added to the 5.5.1 and 6.0.14
[23 Dec 2009 10:05] Sveta Smirnova
Probably duplicate bug #49848
[12 Mar 2010 14:16] Bugs System
Pushed into 5.1.44-ndb-7.0.14 (revid:jonas@mysql.com-20100312135944-t0z8s1da2orvl66x) (version source revid:jonas@mysql.com-20100312115609-woou0te4a6s4ae9y) (merge vers: 5.1.44-ndb-7.0.14) (pib:16)
[12 Mar 2010 14:32] Bugs System
Pushed into 5.1.44-ndb-6.2.19 (revid:jonas@mysql.com-20100312134846-tuqhd9w3tv4xgl3d) (version source revid:jonas@mysql.com-20100312060623-mx6407w2vx76h3by) (merge vers: 5.1.44-ndb-6.2.19) (pib:16)
[12 Mar 2010 14:46] MC Brown
No changelog entry required (already noted in earlier changelog)
[12 Mar 2010 14:48] Bugs System
Pushed into 5.1.44-ndb-6.3.33 (revid:jonas@mysql.com-20100312135724-xcw8vw2lu3mijrhn) (version source revid:jonas@mysql.com-20100312103652-snkltsd197l7q2yg) (merge vers: 5.1.44-ndb-6.3.33) (pib:16)
[12 Mar 2010 15:43] MC Brown
No changelog entry needed.