If you don't update then the bug exists.
If you update it gets disabled.
It all depends, of course, on the bug severity. If we're talking of some piddling CVSS 1 bug, and you can get a proper fix out in a week or so, then of course you can probably live with it until you fix it properly.
On the other hand I've just found a CVSS 9+ bug in an infrequently-used program that lets an ordinary user become root. The fix will require redesign which will take some time to develop and test.
Am I going to disable that program until we have the fix, even though the bug isn't known yet and even if it's inconvenient? Too fscking right I am.