When checking development tree (git tag perl-5.10.1), `-l' option is needed to provoke SEGFAULT:

$ ./perl -I lib -e 'do{}until(1)}'
Unmatched right curly bracket at -e line 1, at end of line
syntax error at -e line 1, near ")}"
Execution of -e aborted due to compilation errors.

$ ./perl -I lib -le 'do{}until(1)}'
Neoprávněný přístup do paměti (SIGSEGV)

5.10.1 is affected
5.11.0 is not affected

Bisect between 5.11.0 and common ancestor found this commit as first unaffected:

commit f9a01fbf80a2dfff95a408098b4f01fe2a12e140
Author: Steffen Mueller <wyp3rlx02>
Date:   Sat Aug 2 19:38:39 2008 +0200

    Tiny SelfLoader patch for better warnings
    Message-ID: <20080802153839.9538.qmail.com>
    Date: Sat, 02 Aug 2008 17:38:39 +0200

    p4raw-id: //depot/perl@34170

Since RHEL 6.3 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Now fix is known.

I cannot reproduce it since perl-5.10.1-127.el6.x86_64.
I can reproduce it up to perl-5.10.1-126.el6.x86_64.

However there was not significant change between these two builds except enabling -Dusesitecustomize build-time option. Despite that valgring shows completely different and much shorter error log.

(In reply to comment #8)
> Now fix is known.
No fix is know.

(In reply to comment #9)
> However there was not significant change between these two builds except
> enabling -Dusesitecustomize build-time option. Despite that valgring shows
> completely different and much shorter error log.

It turned out I had sitecustomize.pl, which started loaded with the 127 release. Without the file 127 and newer releases do not show any flaws under valgrind and interpreter does not seg fault.

The bug is still present on i386 (both .127 and .128), other architectures are ok:

.qa.[root@hp-dl360-05 ~]# perl -I lib -le 'do{}until(1)}'
Segmentation fault (core dumped)

.qa.[root@hp-dl360-05 ~]# valgrind perl -I lib -le 'do{}until(1)}'
==19053== Memcheck, a memory error detector
==19053== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==19053== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==19053== Command: perl -I lib -le do{}until(1)}
==19053== 
==19053== Invalid read of size 1
==19053==    at 0x40339C8: Perl_peep (op.c:8264)
==19053==    by 0x4038F56: Perl_newPROG (op.c:2327)
==19053==    by 0x4072556: Perl_yyparse (perly.y:142)
==19053==    by 0x4047E76: S_parse_body (perl.c:2278)
==19053==    by 0x404AAA7: perl_parse (perl.c:1691)
==19053==    by 0x8048977: main (perlmain.c:115)
==19053==  Address 0x110 is not stack'd, malloc'd or (recently) free'd
==19053== 
==19053== 
==19053== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==19053==  Access not within mapped region at address 0x110
==19053==    at 0x40339C8: Perl_peep (op.c:8264)
==19053==    by 0x4038F56: Perl_newPROG (op.c:2327)
==19053==    by 0x4072556: Perl_yyparse (perly.y:142)
==19053==    by 0x4047E76: S_parse_body (perl.c:2278)
==19053==    by 0x404AAA7: perl_parse (perl.c:1691)
==19053==    by 0x8048977: main (perlmain.c:115)
==19053==  If you believe this happened as a result of a stack
==19053==  overflow in your program's main thread (unlikely but
==19053==  possible), you can try to increase the size of the
==19053==  main thread stack using the --main-stacksize= flag.
==19053==  The main thread stack size used in this run was 10485760.
==19053== 
==19053== HEAP SUMMARY:
==19053==     in use at exit: 131,909 bytes in 648 blocks
==19053==   total heap usage: 763 allocs, 115 frees, 136,772 bytes allocated
==19053== 
==19053== LEAK SUMMARY:
==19053==    definitely lost: 176 bytes in 1 blocks
==19053==    indirectly lost: 2,735 bytes in 42 blocks
==19053==      possibly lost: 16 bytes in 1 blocks
==19053==    still reachable: 128,982 bytes in 604 blocks
==19053==         suppressed: 0 bytes in 0 blocks
==19053== Rerun with --leak-check=full to see details of leaked memory
==19053== 
==19053== For counts of detected and suppressed errors, rerun with: -v
==19053== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 22 from 8)
Segmentation fault (core dumped)

.qa.[root@hp-dl360-05 ~]# rpm -q perl
perl-5.10.1-128.el6.i686

.qa.[root@hp-dl360-05 ~]# gdb core.18947
....
(gdb) i th
* 1 Thread 0xb77d36c0 (LWP 18947)  Perl_peep (my_perl=0x808b008, o=<value optimized out>) at op.c:8264
(gdb) t a a bt

Thread 1 (Thread 0xb77d36c0 (LWP 18947)):
#0  Perl_peep (my_perl=0x808b008, o=<value optimized out>) at op.c:8264
#1  0x0074df57 in Perl_newPROG (my_perl=0x808b008, o=0x80acc98) at op.c:2327
#2  0x00787557 in Perl_yyparse (my_perl=0x808b008) at perly.y:142
#3  0x0075ce77 in S_parse_body (my_perl=0x808b008, env=0x0, xsinit=0x8048a00 <xs_init>) at perl.c:2278
#4  0x0075faa8 in perl_parse (my_perl=0x808b008, xsinit=0x8048a00 <xs_init>, argc=5, argv=0xbfbeaf24, env=0x0)
    at perl.c:1691
#5  0x08048978 in main (argc=5, argv=0xbfbeaf24, env=0xbfbeaf3c) at perlmain.c:115
(gdb)

No fix is known. The bug exhibits on i386 only. Newer Perl versions (5.16 in RHEL-7) seems not tainted.