I think that depends on your password management policies. If you are using a unique password for every site, change them all now and then change the ones that were vulnerable again after they are patched. If you are like many people and reuse passwords, you should not change that password to be one you use at a patched site.
a) Leaving your password unchanged on a site because it is still vulnerable.
b) Changing your password on a site that is still vulnerable.