Yeah, you need to make sure before you change the password that the respective site has fixed the problem...if you don't, then someone recently exploiting the vulnerability may not have your old password, but will get the new one!
What is going on with Heartbleed? Is the threat over or is it still potentially harmful for Internet users? Heartbleed Bug This site is a bit vague as to the ongoing threats. Launched back in April, it surely is resistant!