You get it slightly wrong. Bugs are usually fixed in one codebase, the one that the maintainer of the broken program holds. The role of the distributers is quality assurance. They make sure the fix doesn't break anything in their distro. (As it normally shouldn't). So its more like the bug is fixed in one codbase and tested in 400.
True, windows update is unheard of in the Linux world, instead we have aptget, yum, and some distibution dependent update mechanisms that work just as well as windows update, with the exeption that they update all programns not just the OS.
As a further precasion most Linux distros use digital signatures to ensure the validity of the source of the update.