Hacker News
by ibmthrowaway218 4449 days ago
Which is worse?

a) Leaving your password unchanged on a site because it is still vulnerable.

b) Changing your password on a site that is still vulnerable.

1 comment

I think that depends on your password management policies. If you are using a unique password for every site, change them all now and then change the ones that were vulnerable again after they are patched. If you are like many people and reuse passwords, you should not change that password to be one you use at a patched site.