Some pools like BtcGuild are not affected for unclear reason. Probably because they're using proprietary software.
Yes, they are. Same thing with Bitminter. I would expect most pools are using their own software and are not vulnerable.
I thought ghash had their own implementation as well. Although of course they could have made the same mistake.
I hope you contacted these pools and gave them a chance to fix the issue before going public with it.